• nginx server security configuration


    The nginx access log shows many requests trying to brute-force the server, for example:

    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc0.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc2.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /indexa.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /lx.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /cn.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /api.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /index1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /info.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /info1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /aaaaaa1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /up.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /test123.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /test123.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /fb.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /paylog.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /paylog.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /x.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /cnm.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /test404.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /test.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /phpinf0.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /1ndex.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /autoloader.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /class1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /test404.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /shi.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /think.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /back.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /DJ.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"

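    Most of these requests cannot be served and are answered with a 40x or 50x status.

    A simple configuration can therefore filter out requests from the corresponding IPs.

    In the nginx configuration file /etc/nginx/nginx.conf, add include ip.black;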

    http {
        include  ip.black;  
        access_log  /var/log/nginx/access.log  main;
    #....
    }

    Create the file ip.black in /etc/nginx and add the IPs to be denied, e.g.:

    deny 193.27.228.27 ;
    deny 198.245.49.194 ;
    deny 139.162.81.62 ;
    deny 139.199.82.44 ;
    deny 165.232.50.11 ;

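    Then reload nginx: nginx -s reload

    Because these requests arrive at irregular intervals, it is best to add a crontab entry (crontab -e) that periodically appends offenders to the blacklist; nginx must be reloaded for the new entries to take effect.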

    1 */1 * * * grep php /var/log/nginx/access.log |grep -v "your own IP" |grep -E "40[0-9]|50[1-9]" |awk -F ' ' '{print "deny",$1, ";"}' |sort -u >> /etc/nginx/ip.black
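A stricter version of the cron job above, as an added example that is not part of the original post: it reads the status from its own log field (so a byte count such as 5020 is not mistaken for a 502), skips addresses already in ip.black, and reloads nginx only when nginx -t passes. The function names, the MIN_HITS threshold and the sample log lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post; sample data below is constructed.

# build_denylist LOG BLACKLIST MY_IP MIN_HITS
# Print "deny <ip>;" for clients with >= MIN_HITS .php requests answered 40x/50x,
# skipping MY_IP and addresses already present in BLACKLIST.
build_denylist() {
    awk -F'"' -v black="$2" -v me="$3" -v min="${4:-1}" '
    BEGIN {   # load existing entries so repeated cron runs do not append duplicates
        while ((getline line < black) > 0)
            if (split(line, f, /[ \t;]+/) >= 2 && f[1] == "deny") seen[f[2]] = 1
    }
    {   # $1 = address/time prefix, $2 = request line, $3 = " status bytes "
        split($1, c, " "); split($2, r, " "); split($3, s, " ")
        ip = c[1]; path = r[2]; sub(/\?.*/, "", path)
        if (path !~ /\.php$/ || s[1] !~ /^[45]0[0-9]$/) next
        # only address characters may reach the config file
        if (ip == me || ip !~ /^[0-9A-Fa-f:.]+$/ || (ip in seen)) next
        hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print "deny " ip ";" }
    ' "$1" | sort
}

# update_blacklist LOG BLACKLIST MY_IP MIN_HITS: append, validate, then reload.
update_blacklist() {
    new=$(build_denylist "$@")
    [ -n "$new" ] || return 0
    printf '%s\n' "$new" >> "$2"
    nginx -t && nginx -s reload   # reload only if the whole config still parses
}

# demo: run build_denylist over constructed log lines and a constructed blacklist.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'deny 198.51.100.9 ;' > "$d/ip.black"
    cat > "$d/access.log" <<'EOF'
203.0.113.5 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc0.php HTTP/1.1" 502 575 "-" "UA" "-"
203.0.113.5 - - [14/Oct/2020:17:25:02 +0800] "POST /up.php?a=1 HTTP/1.1" 404 575 "-" "UA" "-"
198.51.100.9 - - [14/Oct/2020:17:25:03 +0800] "POST /x.php HTTP/1.1" 502 575 "-" "UA" "-"
198.51.100.9 - - [14/Oct/2020:17:25:03 +0800] "POST /y.php HTTP/1.1" 502 575 "-" "UA" "-"
203.0.113.77 - - [14/Oct/2020:17:25:04 +0800] "GET /index.php HTTP/1.1" 200 5020 "-" "UA" "-"
192.0.2.10 - - [14/Oct/2020:17:25:06 +0800] "POST /t.php HTTP/1.1" 502 575 "-" "UA" "-"
192.0.2.10 - - [14/Oct/2020:17:25:06 +0800] "POST /u.php HTTP/1.1" 502 575 "-" "UA" "-"
EOF
    build_denylist "$d/access.log" "$d/ip.black" 192.0.2.10 2
    rm -rf "$d"
}
demo   # prints: deny 203.0.113.5;
```

From cron, call update_blacklist /var/log/nginx/access.log /etc/nginx/ip.black with your own IP and a threshold instead of demo.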

  • Original article: https://www.cnblogs.com/lavin/p/13821197.html