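LINUX
spam & worm control
*Controlling spam and worms with setenvif and rewrite
*Do not copy this verbatim (errors may occur)
*Text after "*" is a comment
*Editor and file manager operations are omitted
*Pressing the Enter key is omitted
*At a login terminal, "#" is the root prompt and "$" is the prompt of a normal user
*In configuration files, lines beginning with "#" are interpreted as comments
mod_rewrite configuration
*Reference site: Eight Ways to Blacklist with Apache's mod_rewrite
*Enabling RewriteLog puts a load on apache, so it is normally left disabled
*The E (variable) flag is set on each RewriteRule so that the variable is passed to access_log (configured separately)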
:/etc/httpd/conf/extra/httpd-rewrite-block.conf
## Using mod_rewrite to block the stupid comment and spam bots
RewriteEngine On
ServerSignature Off
Options +FollowSymLinks
#RewriteLog "logs/rewrite_log"
#RewriteLogLevel 5
# Blacklist for REQUEST_METHOD
RewriteCond %{REQUEST_METHOD} ^(delete|head|trace|track) [NC]
RewriteRule ^.*$ - [G,L,E=ignorelog:1]
# Blacklist for THE_REQUEST
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC]
RewriteRule ^.*$ - [G,L,E=ignorelog:1]
# Blacklist for HTTP_REFERER
# [OR] is needed here: without it the keyword lines below are ANDed to the character test
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%00).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^.*(poker|medicine|pills|diet|viagra|mortgage).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^.*(casino|insurance|loan|buy|xanax|meridia).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^.*(incest|adult|porno|lesbian|tramadol|holdem).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^.*(phentermine|gambling|texas|pharmacy|ultram).* [NC]
RewriteRule ^.*$ - [G,L,E=ignorelog:1]
# Blacklist for HTTP_COOKIE
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
RewriteRule ^.*$ - [G,L,E=ignorelog:1]
# Blacklist for REQUEST_URI
# To publish sites under /~user/, leave out the |\~ alternative
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
RewriteCond %{REQUEST_URI} ^.*(,|;|:|<|>|">|"<|\\\.\.\\).* [NC,OR]
RewriteCond %{REQUEST_URI} ^.*(\=|\@|\[|\]|\^|\`|\{|\}|\~).* [NC,OR]
RewriteCond %{REQUEST_URI} ^.*(\'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
RewriteRule ^.*$ - [G,L,E=ignorelog:1]
# Blacklist for HTTP_USER_AGENT
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(HTTrack|clshttp|archiver|loader|email).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(nikto|miner|python|winhttp|libwww\-perl).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(curl|wget|java|harvest|scan|grab|extract).* [NC]
RewriteRule ^.*$ - [G,L,E=ignorelog:1]
# Unexpected Search Engine
# Add the matching entries to robots.txt
RewriteCond %{HTTP_USER_AGENT} ^.*(Baiduspider|BaiduImagespider|BaiduMobaider).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(NaverBot|yodaobot|Yandex|Yeti|AdultsVisit).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(ia_archiver|al_viewer).* [NC]
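# /? lets the robots.txt exception match in server context (leading slash) and in per-directory context
RewriteRule !^/?robots\.txt$ - [G,L,E=ignorelog:1]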
# Blacklist for QUERY_STRING
RewriteCond %{QUERY_STRING} \?$ [OR]
RewriteCond %{QUERY_STRING} \.\./\.\./\.\./ [OR]
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC]
RewriteRule ^.*$ - [G,L,E=ignorelog:1]
# Misleading Web Manager
RewriteCond %{QUERY_STRING} ^.*(http://195\.228\.157\.218:2082).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(http://217\.218\.225\.2:2082).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(http://193\.255\.208\.32:2082).* [NC]
RewriteRule ^.*$ - [G,L,E=ignorelog:1]
# Ignoring the bad access to the setting's file
# Both conditions must hold (implicit AND): the client is neither localhost nor on 192.168.0.x
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteCond %{REMOTE_ADDR} !^192\.168\.0\.[0-9]+$
RewriteRule (nosuichfile|setup)\.php$ - [G,L,E=ignorelog:1]
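RewriteCond lines are ANDed together unless a condition carries [OR], which is easy to get wrong when negated patterns are involved. The Python code below is an added example, not part of the original page: it evaluates constructed chains the way mod_rewrite combines them, so a chain can be checked against sample requests before deployment. The names `parse_cond` and `chain_blocks` and the sample chains are hypothetical; Python's `re` stands in for PCRE, and patterns are assumed to contain no spaces.

```python
import re

def parse_cond(line):
    """Parse one 'RewriteCond %{VAR} pattern [flags]' line (no spaces in pattern)."""
    parts = line.split()
    flags = parts[3].strip("[]").upper().split(",") if len(parts) > 3 else []
    negate = parts[2].startswith("!")
    pattern = parts[2][1:] if negate else parts[2]
    return {
        "var": parts[1][2:-1],  # %{REMOTE_ADDR} -> REMOTE_ADDR
        "negate": negate,
        "regex": re.compile(pattern, re.I if "NC" in flags else 0),
        "or": "OR" in flags,
    }

def chain_blocks(lines, request):
    """True if the RewriteRule guarded by this chain would fire for the request.
    Conditions are ANDed; [OR] joins a condition to the one that follows it."""
    group_hit = False
    for cond in map(parse_cond, lines):
        matched = cond["regex"].search(request.get(cond["var"], "")) is not None
        group_hit = group_hit or (matched != cond["negate"])
        if not cond["or"]:  # last member of an OR-group: the group must have hit
            if not group_hit:
                return False
            group_hit = False
    return True

# Constructed chains for "deny unless the client is local".
ALWAYS_TRUE = [  # "not A OR not B" holds for every address, local ones included
    r"RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$ [OR]",
    r"RewriteCond %{REMOTE_ADDR} !^192\.168\.0\.*$",
]
LOCAL_ONLY = [   # "not A AND not B": only non-local clients are denied
    r"RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$",
    r"RewriteCond %{REMOTE_ADDR} !^192\.168\.0\.[0-9]+$",
]
# Constructed referer chain: without [OR] on the first line, the keyword
# lines only count when the character test has already matched.
REFERER_AND = [
    r"RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%00) [NC]",
    r"RewriteCond %{HTTP_REFERER} (poker|casino) [NC,OR]",
    r"RewriteCond %{HTTP_REFERER} (pharmacy|ultram) [NC]",
]
REFERER_OR = [REFERER_AND[0].replace("[NC]", "[NC,OR]")] + REFERER_AND[1:]

if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.0.5", "203.0.113.9"):
        req = {"REMOTE_ADDR": ip}
        print(ip, chain_blocks(ALWAYS_TRUE, req), chain_blocks(LOCAL_ONLY, req))
```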
robots.txt configuration
*Abridged
User-agent: Baiduspider
Disallow: /

User-agent: BaiduImagespider
Disallow: /

User-agent: BaiduMobaider
Disallow: /

User-agent: NaverBot
Disallow: /

User-agent: yodaobot
Disallow: /

User-agent: Yandex
Disallow: /

User-agent: Yeti
Disallow: /

User-agent: AdultsVisit
Disallow: /

User-agent: ia_archiver
Disallow: /

User-agent: al_viewer
Disallow: /
mod_setenvif configuration
*Sets the variables spamlist and ignorelog, which are used to control the access log
*The worm settings may no longer be necessary (logging them on a trial basis)?
:/etc/httpd/conf/extra/httpd-setenvif-block.conf
## except IIS worm attack (already not useful?)
<IfModule setenvif_module>
SetEnvIfNocase Request_URI "^/(_mem_bin|_vti_bin|c|d|msadc|scripts)/" wormlist ignorelog
SetEnvIfNocase Request_URI "\.(asp|bat|com|cmd|dll|exe|files)" wormlist ignorelog
SetEnvIfNocase Request_URI "\.(htr|htw|ida|idc|idq|printer)" wormlist ignorelog
SetEnvIf User-Agent "(compatible; MSIE 5.5; Windows 98)" ignorelog
</IfModule>
## access-control
#Order allow,deny
#Allow from all
#Deny from env=wormlist
## logging
<IfModule log_config_module>
CustomLog "/var/log/httpd/worm_log" combined env=wormlist
</IfModule>
Copyright(c) 528p.com All Rights Reserved.

