Hướng dẫn sử dụng chức năng "Block Exploits, SQL Injections"

Last Updated on 14/11/2024

Đây là một tính năng giúp tăng cường bảo mật cho website, cải thiện khả năng chống lại các cuộc tấn công như Exploits và SQL Injections.

Dưới đây là cấu hình của tính năng này:

# Blocking HTTP POST Attack limit_req_status 444; if ($args ~ CtrlFunc_* ) { return 444; } set $my_var 0; set $the_var 2; if ($request_method = POST ) { set $my_var 1; } if ($args = / ) { set $the_var 1; } if ($my_var = $the_var ) { return 444; } # from # http://www.howtoforge.com/nginx-how-to-block-exploits-sql-injections-file-injections-spam-user-agents-etc ## Block SQL injections set $block_sql_injections 0; if ($query_string ~ "union.*select.*\(") { set $block_sql_injections 1; } if ($query_string ~ "union.*all.*select.*") { set $block_sql_injections 1; } if ($query_string ~ "concat.*$") { set $block_sql_injections 1; } if ($block_sql_injections = 1) { return 403; } ## Block file injections set $block_file_injections 0; if ($query_string ~ "[a-zA-Z0-9_]=http://") { set $block_file_injections 1; } if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") { set $block_file_injections 1; } if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { set $block_file_injections 1; } if ($block_file_injections = 1) { return 403; } ## Block common exploits set $block_common_exploits 0; if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $block_common_exploits 1; } if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; } if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; } if ($query_string ~ "proc/self/environ") { set $block_common_exploits 1; } if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") { set $block_common_exploits 1; } if ($query_string ~ "base64_(en|de)code\(.*$") { set $block_common_exploits 1; } if ($block_common_exploits = 1) { return 403; } ## Block spam set $block_spam 0; if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") { set $block_spam 1; } if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") { set $block_spam 1; } if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") { set $block_spam 1; } if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") { set $block_spam 1; } if ($block_spam = 1) { return 403; } ## Block user agents set $block_user_agents 0; # Don't disable wget if you need it to run cron jobs! #if ($http_user_agent ~ "Wget") { # set $block_user_agents 1; #} # Disable Akeeba Remote Control 2.5 and earlier if ($http_user_agent ~ "Indy Library") { set $block_user_agents 1; } # Common bandwidth hoggers and hacking tools. if ($http_user_agent ~ "libwww-perl") { set $block_user_agents 1; } if ($http_user_agent ~ "GetRight") { set $block_user_agents 1; } if ($http_user_agent ~ "GetWeb!") { set $block_user_agents 1; } if ($http_user_agent ~ "Go!Zilla") { set $block_user_agents 1; } if ($http_user_agent ~ "Download Demon") { set $block_user_agents 1; } if ($http_user_agent ~ "Go-Ahead-Got-It") { set $block_user_agents 1; } if ($http_user_agent ~ "TurnitinBot") { set $block_user_agents 1; } if ($http_user_agent ~ "GrabNet") { set $block_user_agents 1; } if ($block_user_agents = 1) { return 403; }

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

# Blocking HTTP POST Attack

limit_req_status 444;
if ($args ~ CtrlFunc_* ) {   return 444; }
set $my_var 0;
set $the_var 2;
if ($request_method = POST ) {    set $my_var 1; }
if ($args = / ) {    set $the_var 1; }
if ($my_var = $the_var ) { return 444; }

# from
# http://www.howtoforge.com/nginx-how-to-block-exploits-sql-injections-file-injections-spam-user-agents-etc

    ## Block SQL injections
    set $block_sql_injections 0;
    if ($query_string ~ "union.*select.*\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "union.*all.*select.*") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "concat.*\(") {
        set $block_sql_injections 1;
    }
    if ($block_sql_injections = 1) {
        return 403;
    }

    ## Block file injections
    set $block_file_injections 0;
    if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $block_file_injections 1;
    }
    if ($block_file_injections = 1) {
        return 403;
    }

    ## Block common exploits
    set $block_common_exploits 0;
    if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "proc/self/environ") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "base64_(en|de)code$.*$") {
        set $block_common_exploits 1;
    }
    if ($block_common_exploits = 1) {
        return 403;
    }

    ## Block spam
    set $block_spam 0;
    if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
        set $block_spam 1;
    }
    if ($block_spam = 1) {
        return 403;
    }

    ## Block user agents
    set $block_user_agents 0;

    # Don't disable wget if you need it to run cron jobs!
    #if ($http_user_agent ~ "Wget") {
    #    set $block_user_agents 1;
    #}

    # Disable Akeeba Remote Control 2.5 and earlier
    if ($http_user_agent ~ "Indy Library") {
        set $block_user_agents 1;
    }

    # Common bandwidth hoggers and hacking tools.
    if ($http_user_agent ~ "libwww-perl") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetRight") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetWeb!") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go!Zilla") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Download Demon") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go-Ahead-Got-It") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "TurnitinBot") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GrabNet") {
        set $block_user_agents 1;
    }

    if ($block_user_agents = 1) {
        return 403;
    }

Bạn có thể edit nội dung này trong: /etc/nginx/conf/block.conf

Đường dẫn chức năng: VPSSIM menu ==> Bảo mật server & website ==> Block Exploits, SQL Injections ==> BAT/TAT [Block Exploits, SQL Injections]

Cách sử dụng:

=========================================================================
        VPSSIM (5.1.0) - Quan Ly VPS/Server By HTTP://VPSSIM.COM
=========================================================================
                         Bao Mat Server & Website
=========================================================================

1) Thay Doi Mat Khau Mac Dinh	      6) Bao Ve wp-login.php - Wordpress
2) Check & Block IP DOS		      7) Block Exploits, SQL Injections
3) Thay Doi Port SSH Number	      8) Block Bad Bots Scan Website
4) Dat Mat Khau Bao Ve Folder	      9) Run Script In Writable Folder
5) Dat Mat Khau Bao Ve Website	     10) Thay Password Account Root
Lua chon cua ban (0-Thoat): 7
=========================================================================
Huong dan su dung: http://go.vpssim.com/1132
=========================================================================
1) BAT/TAT [Block Exploits, SQL Injections]
2) List Website BAT [Block Exploits, SQL Injections]
Lua chon cua ban (0-Thoat): 1
=========================================================================
Chuc nang nay de BAT/TAT [Block Exploits, SQL Injections] cho Website
-------------------------------------------------------------------------
Edit rules tai: /etc/nginx/conf/block.conf
=========================================================================
Danh sach cac website tren server:
-------------------------------------------------------------------------
1.   abcd.com             2.   acdc.com
3.   asdasd.com           4.   asdsad.com
5.   asdsadsad.com        6.   dantri.co
7.   dantri.com           8.   dantri.vn
9.   kiemtra.com          10.  lave.com
11.  om.vpssim.com        12.  sadasdsd.com
13.  sdasd.com            14.  test.com
=========================================================================
Nhap so tuong ung voi website (0-Thoat): 1
=========================================================================
abcd.com hien tai dang TAT [Block Exploits, SQL Injections]
-------------------------------------------------------------------------
Ban muon BAT chuc nang nay ?  [y/N] y

=========================================================================

VPSSIM (5.1.0) - Quan Ly VPS/Server By HTTP://VPSSIM.COM

=========================================================================

Bao Mat Server & Website

=========================================================================

1) Thay Doi Mat Khau Mac Dinh 6) Bao Ve wp-login.php - Wordpress

2) Check & Block IP DOS 7) Block Exploits, SQL Injections

3) Thay Doi Port SSH Number 8) Block Bad Bots Scan Website

4) Dat Mat Khau Bao Ve Folder 9) Run Script In Writable Folder

5) Dat Mat Khau Bao Ve Website 10) Thay Password Account Root

Lua chon cua ban (0-Thoat): 7

=========================================================================

Huong dan su dung: http://go.vpssim.com/1132

=========================================================================

1) BAT/TAT [Block Exploits, SQL Injections]

2) List Website BAT [Block Exploits, SQL Injections]

Lua chon cua ban (0-Thoat): 1

=========================================================================

Chuc nang nay de BAT/TAT [Block Exploits, SQL Injections] cho Website

-------------------------------------------------------------------------

Edit rules tai: /etc/nginx/conf/block.conf

=========================================================================

Danh sach cac website tren server:

-------------------------------------------------------------------------

1. abcd.com 2. acdc.com

3. asdasd.com 4. asdsad.com

5. asdsadsad.com 6. dantri.co

7. dantri.com 8. dantri.vn

9. kiemtra.com 10. lave.com

11. om.vpssim.com 12. sadasdsd.com

13. sdasd.com 14. test.com

=========================================================================

Nhap so tuong ung voi website (0-Thoat): 1

=========================================================================

abcd.com hien tai dang TAT [Block Exploits, SQL Injections]

-------------------------------------------------------------------------

Ban muon BAT chuc nang nay ? [y/N] y

Hướng dẫn sử dụng chức năng “Block Exploits, SQL Injections”

Comments

Leave a Reply Cancel reply