zoukankan      html  css  js  c++  java

  • nginx 服务器安全配置

    查看nginx日志发现有很多尝试暴力破解服务器的请求,如下:

    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc0.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc2.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /indexa.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /lx.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /cn.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /api.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /index1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /info.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /info1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /aaaaaa1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /up.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /test123.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /test123.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /fb.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /paylog.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /paylog.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /x.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /cnm.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /test404.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /test.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /phpinf0.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /1ndex.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /autoloader.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /class1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /test404.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /shi.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /think.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /back.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /DJ.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"

    此类请求大多无法响应,被返回40x或者50x 

    因此可做简单配置,过滤该类对应ip的请求; 

    nginx 配置/etc/nginx/nginx.conf  增加 include  ip.black;   

    http {
    include  ip.black;  
    access_log  /var/log/nginx/access.log  main;
#....
}

    在对应的/etc/nginx 创建  ip.black 文件,并加入禁止访问的ip eg:

    deny 193.27.228.27 ;
deny 198.245.49.194 ;
deny 139.162.81.62 ;
deny 139.199.82.44 ;
deny 165.232.50.11

    然后重启nginx ,nginx -s reload 

    由于请求不定期到来进行破坏,因此最好加上crontab,crontab -e  编辑对应规则定时加入黑名单,需要重启ng生效

    1 */1 * * * grep php /var/log/nginx/access.log |grep -v "自己的ip" |grep -E "40[0-9]|50[1-9]" |awk -F ' ' '{print "deny
",$1, ";"}' |sort -u >> /etc/nginx/ip.black
  • 相关阅读:
    java初学者之java语言主要知识点三
    C++类的对象和类的指针的区别
    win32多线程: 线程创建与结束等待
    多线程学习:win32多线程编程基本概念(转)
    C++常用数据类型和Windows常见数据类型
    VC++2017关于项目出现"const char *" 类型的实参与 "char *" 类型的形参不兼容错误的解决方法
    Linux环境下vi/vim编辑器常用命令
    c++学习笔记之类模板
    c++学习笔记之函数重载和模板理解
    c++学习笔记之多态和虚函数
  • 原文地址:https://www.cnblogs.com/lavin/p/13821197.html
Copyright © 2011-2022 走看看