zoukankan      html  css  js  c++  java

  • nginx 服务器安全配置

    查看nginx日志发现有很多尝试暴力破解服务器的请求,如下:

    129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc0.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc2.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /indexa.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /lx.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /cn.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /api.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /index1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /info.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /info1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /aaaaaa1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /up.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /test123.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /test123.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /fb.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /paylog.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /paylog.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /x.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /cnm.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /test404.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /test.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /phpinf0.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /1ndex.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /autoloader.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /class1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /test404.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /shi.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /think.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /back.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /DJ.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"

    此类请求大多无法响应,被返回40x或者50x 

    因此可做简单配置,过滤该类对应ip的请求; 

    nginx 配置/etc/nginx/nginx.conf  增加 include  ip.black;   

    http {
    include  ip.black;  
    access_log  /var/log/nginx/access.log  main;
#....
}

    在对应的/etc/nginx 创建  ip.black 文件,并加入禁止访问的ip eg:

    deny 193.27.228.27 ;
deny 198.245.49.194 ;
deny 139.162.81.62 ;
deny 139.199.82.44 ;
deny 165.232.50.11

    然后重启nginx ,nginx -s reload 

    由于请求不定期到来进行破坏,因此最好加上crontab,crontab -e  编辑对应规则定时加入黑名单,需要重启ng生效

    1 */1 * * * grep php /var/log/nginx/access.log |grep -v "自己的ip" |grep -E "40[0-9]|50[1-9]" |awk -F ' ' '{print "deny
",$1, ";"}' |sort -u >> /etc/nginx/ip.black
  • 相关阅读:
    Java必会之多线程
    第一周JVM核心技术-工具与GC策略
    JVM核心技术(第一篇)
    SpringCloudAlibaba使用seata做分布式事务
    Go中的interface(接口)
    快排与堆排
    优先队列原来不难!带你手写一个
    【LeetCode】557. 反转字符串中的单词 III
    【LeetCode】214. 最短回文串
    【LeetCode】17. 电话号码的字母组合(回溯)
  • 原文地址:https://www.cnblogs.com/lavin/p/13821197.html
Copyright © 2011-2022 走看看