  • nginx 服务器安全配置

    查看 nginx 日志,发现有很多尝试攻击服务器的请求(从请求路径看,更像是扫描器在批量探测常见的 webshell/后门文件名,而不是针对口令的暴力破解),如下:

    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc0.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc2.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /indexa.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /lx.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /cn.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /api.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /index1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /info.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /info1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /aaaaaa1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /up.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /test123.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /test123.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /fb.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /paylog.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /paylog.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /x.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /cnm.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /test404.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /test.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /phpinf0.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /1ndex.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /autoloader.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /class1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /test404.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /shi.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /think.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /back.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
    129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /DJ.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"

    此类请求大多无法得到正常响应,会被返回 40x 或者 50x 状态码。(上面的例子全部是 502,说明这些 .php 请求很可能被转发到了后端,而后端没有正常应答;后端本身是否正常需要另行检查。)

    因此可以做一个简单配置,直接拒绝这些来源 ip 的请求(被 deny 的请求会收到 403)。ip 黑名单只能减少噪音,扫描方随时可以更换 ip,不能代替对站点自身漏洞和可疑文件的排查;

    nginx 配置/etc/nginx/nginx.conf  增加 include  ip.black;   

    # Excerpt of the http context in /etc/nginx/nginx.conf.
    http {
        # Pull in the deny rules from the ip.black file. At http level they are
        # inherited by every server/location that defines no allow/deny of its own.
        include  ip.black;  
        access_log  /var/log/nginx/access.log  main;
    #....
    }

    在对应的/etc/nginx 创建  ip.black 文件,并加入禁止访问的ip eg:

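    # Deny rules included from the http block of nginx.conf.
    # Every directive must end with ";" -- a missing terminator makes nginx
    # reject the whole configuration, so the reload fails and no rule is applied.
    deny 193.27.228.27 ;
    deny 198.245.49.194 ;
    deny 139.162.81.62 ;
    deny 139.199.82.44 ;
    deny 165.232.50.11 ;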

    然后重新加载 nginx 配置:先用 nginx -t 检查配置语法,确认无误后再执行 nginx -s reload 

    由于此类扫描请求会不定期到来,因此最好加上 crontab(crontab -e 编辑对应规则),定时把新的来源 ip 加入黑名单;注意加入之后需要重新加载 nginx 才能生效。另外,按状态码自动封禁有可能误伤正常用户(例如后端故障导致大量 50x 时),建议定期人工检查黑名单。

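    # Hourly job (minute 1): collect client addresses whose .php requests ended in
    # 400-409 or 501-509 and merge them into /etc/nginx/ip.black.
    # - A crontab entry must stay on ONE line; do not wrap it inside the awk string.
    # - Fields assume the log layout shown above ($1 = client address, $7 = request
    #   path, $9 = status); matching on fields avoids false hits such as the "404"
    #   inside "/test404.php". TODO confirm against the actual "main" log_format.
    # - $1 is checked to look like an IP address before it is written into the config.
    # - sort -u merges with the existing file, so repeated runs do not pile up
    #   duplicates the way ">>" does.
    # - nginx is reloaded only when "nginx -t" accepts the new configuration.
    # - Caveat: a backend outage makes legitimate .php requests return 50x too, and
    #   those clients would be denied as well; review the list regularly.
    1 */1 * * * awk -v self="自己的ip" '$1 != self && $1 ~ /^[0-9a-fA-F:.]+$/ && $7 ~ /\.php/ && $9 ~ /^(40[0-9]|50[1-9])$/ {print "deny", $1, ";"}' /var/log/nginx/access.log | sort -u -o /etc/nginx/ip.black - /etc/nginx/ip.black && nginx -t -q && nginx -s reload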

  • 原文地址:https://www.cnblogs.com/lavin/p/13821197.html