User guide for the "Block Exploits, SQL Injections" feature

Members post guides on using VPSSIM.
 #927  by nguyenoanh
 15 Jul 2018 17:09
This is a feature to help the website increase its security and improve its ability to resist Exploits and SQL Injections.

Here is its config:
# Blocking HTTP POST Attack

limit_req_status 444;
if ($args ~ CtrlFunc_* ) {   return 444; }
set $my_var 0;
set $the_var 2;
if ($request_method = POST ) {    set $my_var 1; }
if ($args = / ) {    set $the_var 1; }
if ($my_var = $the_var ) { return 444; }

# from
# http://www.howtoforge.com/nginx-how-to-block-exploits-sql-injections-file-injections-spam-user-agents-etc

    ## Block SQL injections
    set $block_sql_injections 0;
    if ($query_string ~ "union.*select.*\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "union.*all.*select.*") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "concat.*\(") {
        set $block_sql_injections 1;
    }
    if ($block_sql_injections = 1) {
        return 403;
    }

    ## Block file injections
    set $block_file_injections 0;
    if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $block_file_injections 1;
    }
    if ($block_file_injections = 1) {
        return 403;
    }

    ## Block common exploits
    set $block_common_exploits 0;
    if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "proc/self/environ") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "base64_(en|de)code\(.*\)") {
        set $block_common_exploits 1;
    }
    if ($block_common_exploits = 1) {
        return 403;
    }

    ## Block spam
    set $block_spam 0;
    if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
        set $block_spam 1;
    }
    if ($block_spam = 1) {
        return 403;
    }

    ## Block user agents
    set $block_user_agents 0;

    # Don't disable wget if you need it to run cron jobs!
    #if ($http_user_agent ~ "Wget") {
    #    set $block_user_agents 1;
    #}

    # Disable Akeeba Remote Control 2.5 and earlier
    if ($http_user_agent ~ "Indy Library") {
        set $block_user_agents 1;
    }

    # Common bandwidth hoggers and hacking tools.
    if ($http_user_agent ~ "libwww-perl") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetRight") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetWeb!") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go!Zilla") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Download Demon") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go-Ahead-Got-It") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "TurnitinBot") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GrabNet") {
        set $block_user_agents 1;
    }

    if ($block_user_agents = 1) {
        return 403;
    }

You can edit this content in: /etc/nginx/conf/block.conf

Feature path: VPSSIM menu ==> Server & Website Security ==> Block Exploits, SQL Injections ==> BAT/TAT [Block Exploits, SQL Injections]

How to use:

I will enable this feature for oanh.com
=========================================================================
                VPSSIM - Quan Ly VPS/Server by HostingAZ.VN
=========================================================================
                         Bao Mat Server & Website
=========================================================================

1) User & Password Mac Dinh	     6) Thay Doi Port SSH Number
2) Quan Ly CSF Firewall		     7) Dat Mat Khau Bao Ve Folder
3) Quan Ly IPtables Firewall	     8) Block Exploits, SQL Injections
4) Linux Malware Detect & ClamAV     9) BAT/TAT Email Thong Bao Login
5) Check & Block IP DOS		    10) Thay Password Account Root
Lua chon cua ban (0-Thoat): 8
=========================================================================
1) BAT/TAT [Block Exploits, SQL Injections]
2) List Website BAT [Block Exploits, SQL Injections]
Lua chon cua ban (0-Thoat): 1
=========================================================================
Chuc nang nay de BAT/TAT [Block Exploits, SQL Injections] cho Website
-------------------------------------------------------------------------
Edit rules tai: /etc/nginx/conf/block.conf
=========================================================================
Ban muon xem danh sach website tren server ? [y/N]
=========================================================================
Nhap ten website: oanh.com
=========================================================================
oanh.com hien tai dang TAT [Block Exploits, SQL Injections]
-------------------------------------------------------------------------
Ban muon BAT chuc nang nay ?  [y/N] y
Result:
=========================================================================
BAT [Block Exploits, SQL Injections] cho oanh.com thanh cong !
=========================================================================
                VPSSIM - Quan Ly VPS/Server by HostingAZ.VN
=========================================================================
                         Bao Mat Server & Website
=========================================================================

1) User & Password Mac Dinh	     6) Thay Doi Port SSH Number
2) Quan Ly CSF Firewall		     7) Dat Mat Khau Bao Ve Folder
3) Quan Ly IPtables Firewall	     8) Block Exploits, SQL Injections
4) Linux Malware Detect & ClamAV     9) BAT/TAT Email Thong Bao Login
5) Check & Block IP DOS		    10) Thay Password Account Root
Lua chon cua ban (0-Thoat):
View the list of websites that have this feature enabled:
=========================================================================
                VPSSIM - Quan Ly VPS/Server by HostingAZ.VN
=========================================================================
                         Bao Mat Server & Website
=========================================================================

1) User & Password Mac Dinh	     6) Thay Doi Port SSH Number
2) Quan Ly CSF Firewall		     7) Dat Mat Khau Bao Ve Folder
3) Quan Ly IPtables Firewall	     8) Block Exploits, SQL Injections
4) Linux Malware Detect & ClamAV     9) BAT/TAT Email Thong Bao Login
5) Check & Block IP DOS		    10) Thay Password Account Root
Lua chon cua ban (0-Thoat): 8
=========================================================================
1) BAT/TAT [Block Exploits, SQL Injections]
2) List Website BAT [Block Exploits, SQL Injections]
Lua chon cua ban (0-Thoat): 2
Result:
=========================================================================
Website on server: 6
-------------------------------------------------------------------------
Website ENABLED [Block Exploits, SQL Injections]: 1
-------------------------------------------------------------------------
oanh.com
=========================================================================
                VPSSIM - Quan Ly VPS/Server by HostingAZ.VN
=========================================================================
                         Bao Mat Server & Website
=========================================================================

1) User & Password Mac Dinh	     6) Thay Doi Port SSH Number
2) Quan Ly CSF Firewall		     7) Dat Mat Khau Bao Ve Folder
3) Quan Ly IPtables Firewall	     8) Block Exploits, SQL Injections
4) Linux Malware Detect & ClamAV     9) BAT/TAT Email Thong Bao Login
5) Check & Block IP DOS		    10) Thay Password Account Root
Lua chon cua ban (0-Thoat):
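Before enabling the feature on a production site it is worth checking what the rules in block.conf actually decide for typical requests. The Python harness below is an added example, not part of VPSSIM or the post above: it transcribes the patterns from block.conf, approximates nginx's PCRE matching with Python's re module, and shows both a false positive (a legitimate redirect parameter hit by the file-injection rule) and, via the case_insensitive flag, how the file's case-sensitive `~` rules differ from `~*`.

```python
import re
# Rules transcribed from the block.conf above, in the order nginx evaluates them,
# as (reason, pattern). nginx matches $query_string raw (not URL-decoded).
QUERY_RULES = [
    ("sql", r"union.*select.*\("), ("sql", r"union.*all.*select.*"),
    ("sql", r"concat.*\("),
    ("file", r"[a-zA-Z0-9_]=http://"), ("file", r"[a-zA-Z0-9_]=(\.\.//?)+"),
    ("file", r"[a-zA-Z0-9_]=/([a-z0-9_.]//?)+"),
    ("exploit", r"(<|%3C).*script.*(>|%3E)"),
    ("exploit", r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})"),
    ("exploit", r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})"),
    ("exploit", r"proc/self/environ"),
    ("exploit", r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)"),
    ("exploit", r"base64_(en|de)code\(.*\)"),
    ("spam", r"\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b"),
    ("spam", r"\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b"),
    ("spam", r"\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b"),
    ("spam", r"\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b"),
]
# User-agent patterns from the "Block user agents" section (Wget stays
# commented out in the file, so it is left out here too).
UA_RULES = ["Indy Library", "libwww-perl", "GetRight", "GetWeb!", "Go!Zilla",
            "Download Demon", "Go-Ahead-Got-It", "TurnitinBot", "GrabNet"]

def evaluate(method, query_string, user_agent, case_insensitive=False):
    """Return (status, reason) as block.conf decides it for one request;
    case_insensitive=True shows what the rules would do if written with `~*`."""
    flags = re.IGNORECASE if case_insensitive else 0
    # "Blocking HTTP POST Attack" section: CtrlFunc in $args, then the
    # $my_var/$the_var compare, which only fires for POST with $args == "/".
    if re.search(r"CtrlFunc_*", query_string, flags):
        return 444, "ctrlfunc"
    my_var = 1 if method == "POST" else 0
    the_var = 1 if query_string == "/" else 2
    if my_var == the_var:
        return 444, "post_attack"
    for reason, pattern in QUERY_RULES:  # 403 sections: first match wins
        if re.search(pattern, query_string, flags):
            return 403, reason
    for agent in UA_RULES:
        if re.search(re.escape(agent), user_agent, flags):
            return 403, "user_agent"
    return 200, "allowed"

if __name__ == "__main__":
    # Constructed sample requests: a page view, a download-tool UA, a redirect.
    for req in [("GET", "page=2", "Mozilla/5.0"), ("GET", "q=hi", "libwww-perl/6.0"),
                ("GET", "next=http://example.com/home", "Mozilla/5.0")]:
        print(req, "->", evaluate(*req))
```

The redirect sample is blocked with reason "file" even though it is a normal parameter, which is the kind of rule you would expect to tune for a site that passes URLs in its query string.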