当前位置: 文江博客话题详情

IIS / PHP 暴力安全模块 - 有建议吗?

发布于 2024-12-05 03:11:08 字数 332 浏览 1 评论 0原文

我在 IIS 7.5 上运行 Wordpress - 今天我查看日志,注意到我的网站上有很多暴力尝试,寻找可能损害其安全性的文件。特别是寻找安装文件、phpMyAdmin、其他 mysql 内容等 - 所有这些都是 404。

根据这些信息,我可以通过哪些方式创建安全模块来 A) 阻止某人出现超过 [n] 个 404一行。 B) 阻止匹配某些关键字的人,例如寻找 phpMyAdmin。 C) 这是可选的,但如果我想硬编码/添加一些 IP 地址,理想的解决方案也会阻止 IP 地址。

我有一些想法,但我也在寻找其他建议。由于服务器是 IIS,我更喜欢使用 C# ASP.NET 或以某种方式嵌入 IIS 中的解决方案。

原文

I am running Wordpress on IIS 7.5 - I was reviewing my logs today and noticed that there are lots of brute force attempts on my website, looking for files that might compromise its security. Specifically looking for setup files, phpMyAdmin, other mysql stuff etc - all of which are 404.

Based on this information, what are some ways that I could create a security module to A) Block someone with more than [n] number of 404's in a row. B) Block someone who matches certain keywords, eg looking for phpMyAdmin. C) This is optional but an ideal solution would also block IP addresses if I wanted to hardcode / add some.

I have some ideas but I am also looking for other suggestions. Since the server is IIS I would prefer the solution to be using C# ASP.NET or embedded somehow in IIS.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

碍人泪离人颜 2024-12-12 03:11:08

实现一个 HttpHandler 来拦截所有请求。如果他们正在寻找这些模块,请记录他们的 IP 并停止攻击,并将该 IP 添加到被阻止的主机列表中。

是的 - 有人可以伪造 IP(更多的是 DoS 攻击中的问题,在这里不可行),但他们无法伪造整个会话(大致是一个数据包),因此他们无法继续在该 IP 上获得响应并知道如果该文件仍然存在。

如果您想以特殊方式处理 ip,例如立即阻止所有进一步访问,则可以使用此方法。

如果您不需要此类控制而只想阻止,请考虑自定义 URLScan 规则以立即阻止它,因为 UrlScan 现在内置于 IIS 中。
看:
http://www.hanselman.com/blog/HackedAndIDidntLikeItURLScanIsStepZero.aspx

Implement an HttpHandler to intercept all requests. IF they are looking for those modules, log their ip and stop the attack there adding the ip to a list of blocked hosts.

Yes - someone can forge an IP (more of a concern in a DoS attack and not feasible here) but they can't forge an entire session (roughly a packet) so they can't continue on that IP to get a response and know if the file exists anyways .

This method would be used if you want to handle ips in a special way such as block all further access immediately.

If you don't need that type of control and just want to block consider custom URLScan rules to block it immediately since UrlScan now comes built into IIS.
See:
http://www.hanselman.com/blog/HackedAndIDidntLikeItURLScanIsStepZero.aspx

回复 原文
仅此而已 2024-12-12 03:11:08

A) 阻止连续出现超过 [n] 个 404 错误的用户。

有一个名为“Better WP Security”的 WordPress 插件,它具有 404 检测功能,恰好允许此功能。我现在正在使用它并且效果非常好。

B) 阻止匹配某些关键字的人,例如寻找 phpMyAdmin。

您不想只阻止任何尝试访问 phpMyAdmin 的人,因为这也包括您自己。您想按IP过滤请求-不允许任何不在白名单中的IP访问phpMyAdmin。您将在下面我对第三个问题的回答中了解如何执行此操作。

C) 这是可选的,但如果我愿意,理想的解决方案也会阻止 IP 地址

您可以按照以下步骤禁止访问 IIS 7.5 上不在白名单中的 IP 的 wp-login.php 和 wp-admin。您可以模仿该示例,通过在步骤 4 的代码中的(包含)标签之间复制代码并更改“path”属性,将您想要的任何文件(例如 phpMyAdmin)包含在您的 WordPress 文件夹中。

1、打开 WordPress 根文件夹中的 web.config 文件,如果没有找到,请创建一个

2、按照[本文][1]启用“IP 和域限制”角色

3、打开 IIS 管理器,单击根节点,在右侧面板中选择“功能委派”,找到“IPv4 地址和域限制”项,为其授予“读/写”委派

4、打开 web.config 文件(如果您自己创建了该文件)这是空,然后添加以下代码(请参阅底部的注释以了解说明):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
 <location path="wp-login.php">
        <system.webServer>
        <security>
            <ipSecurity allowUnlisted="false">    
                <clear/>
                <add ipAddress="100.100.100.29" allowed="true"/>
                <add ipAddress="111.111.111.0" subnetMask="255.255.255.0" allowed="true"/>
            </ipSecurity>
        </security>
        <modules runAllManagedModulesForAllRequests="true"/>
        </system.webServer>
  </location>

  <location path="wp-admin">
        <system.webServer>
        <security>
            <ipSecurity allowUnlisted="false">    
                <clear/>
                <add ipAddress="100.100.100.29" allowed="true"/>
                <add ipAddress="111.111.111.0" subnetMask="255.255.255.0" allowed="true"/>
            </ipSecurity>
        </security>
        <modules runAllManagedModulesForAllRequests="true"/>
        </system.webServer>
  </location>
</configuration>

如果您正在处理现有的 web.config 文件,则只需将标签之间的代码添加到 web.config 中的现有标签中。

说明:此代码阻止所有 IP 访问 wp-login.php 或 wp-admin,IP 100.100.100.29 和 111.111.111.1-255 除外。请将这些 IP 替换为您自己的列表。

5, 现在尝试从不在列表中的 IP 访问 wp-login.php 或 wp-admin,您应该会收到 403 - 访问被拒绝错误。

A) Block someone with more than [n] number of 404's in a row.

There's a wordpress plugin called "Better WP Security", it has 404 detection feature which allow exactly this feature. I'm now using it and it's working very well.

B) Block someone who matches certain keywords, eg looking for phpMyAdmin.

You don't want to block just anyone who tries to access phpMyAdmin, because that would include yourself as well. You want to filter the requests by IP - do not allow any IP who is not in the whitelist to visit phpMyAdmin. You'll find out how to do this in my answer of your 3rd question below.

C) This is optional but an ideal solution would also block IP addresses if I wanted to

You can follow below steps to disallow access to wp-login.php and wp-admin on IIS 7.5 for IPs that are not in the whitelist. You can mimic the example to include any file(e.g. phpMyAdmin) you want in your wordpress folder, by copying code between(inclusively) tags in the code of step 4 and change the "path" attribute.

1, Open the web.config file in your wordpress root folder, if you don't find it there, create one

2, Enable "IP and Domain Restrictions" role by following [this article][1]

3, Open IIS Manager, click on root node, in the right panel, select "Feature Delegation", find "IPv4 Address and Domain Restrictions" item, grant "Read/Write" delegation to it

4, Open the web.config file, if you created the file yourself and it's empty, then add the following code(see notes at the bottom for explanation):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
 <location path="wp-login.php">
        <system.webServer>
        <security>
            <ipSecurity allowUnlisted="false">    
                <clear/>
                <add ipAddress="100.100.100.29" allowed="true"/>
                <add ipAddress="111.111.111.0" subnetMask="255.255.255.0" allowed="true"/>
            </ipSecurity>
        </security>
        <modules runAllManagedModulesForAllRequests="true"/>
        </system.webServer>
  </location>

  <location path="wp-admin">
        <system.webServer>
        <security>
            <ipSecurity allowUnlisted="false">    
                <clear/>
                <add ipAddress="100.100.100.29" allowed="true"/>
                <add ipAddress="111.111.111.0" subnetMask="255.255.255.0" allowed="true"/>
            </ipSecurity>
        </security>
        <modules runAllManagedModulesForAllRequests="true"/>
        </system.webServer>
  </location>
</configuration>

If you are working on an existing web.config file, then you only need to add code between tags into the existing tags in your web.config.

Explanation: This code blocks all IPs from visiting wp-login.php or wp-admin, exceptions are IPs 100.100.100.29 and 111.111.111.1-255. Please replace these IPs with your own list.

5, Now try visit wp-login.php or wp-admin from IPs that are not in the list, you should be given a 403 - Access Denied error.

回复 原文
~没有更多了~

关于作者

只为一人

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

书间行客

文章 0 评论 0

我ぃ本無心為│何有愛

文章 0 评论 0

神妖

文章 0 评论 0

undefined

文章 0 评论 0

38169838

文章 0 评论 0

彡翼

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文