Archive

Posts Tagged ‘nginx’

用fail2ban监控nginx日志

September 9th, 2010 Comments off

背景

fail2ban是一款日志扫描软件, 尝试从日志中发现恶意的攻击行为, 尤其是用户名密码的失败尝试, 并可以通过iptables防火墙封禁恶意用户的IP, 以防止进一步的攻击.

最近在nginx服务器的日志中发现了很多可疑的请求, 看起来像是试图从Web服务器上发现漏洞页面:

221.204.246.105 - - [08/Sep/2010:06:45:13 +0000] "GET /dbzhedit/ewebeditor.asp HTTP/1.1" 404 5748 "-" "Mozilla/4.0"
221.204.246.105 - - [08/Sep/2010:06:45:14 +0000] "GET /edit/ewebeditor.asp HTTP/1.1" 404 5744 "-" "Mozilla/4.0"
221.204.246.105 - - [08/Sep/2010:06:45:15 +0000] "GET /ugvbadmin/edit/ewebeditor.asp HTTP/1.1" 404 5754 "-" "Mozilla/4.0"
222.189.228.42 - - [08/Sep/2010:18:10:50 +0000] "GET /piqmUserReg.asp HTTP/1.1" 404 5790 "-" "Mozilla/4.0"
222.189.228.42 - - [08/Sep/2010:18:10:51 +0000] "GET /UserReg.asp HTTP/1.1" 404 5786 "-" "Mozilla/4.0"
222.189.228.42 - - [08/Sep/2010:18:10:52 +0000] "GET /ioifupfile_flash.asp HTTP/1.1" 404 5795 "-" "Mozilla/4.0"
222.189.228.42 - - [08/Sep/2010:18:10:53 +0000] "GET /upfile_flash.asp HTTP/1.1" 404 5791 "-" "Mozilla/4.0"
222.189.228.42 - - [08/Sep/2010:18:10:53 +0000] "GET /admin/zhmuupfile_flash.asp HTTP/1.1" 404 5801 "-" "Mozilla/4.0"
222.189.228.42 - - [08/Sep/2010:18:10:54 +0000] "GET /admin/upfile_flash.asp HTTP/1.1" 404 5797 "-" "Mozilla/4.0"
222.189.228.42 - - [08/Sep/2010:18:10:54 +0000] "GET /admins/xvmbupfile_flash.asp HTTP/1.1" 404 5802 "-" "Mozilla/4.0"

安装fail2ban

我觉得可以用fail2ban扫描日志中上述攻击, 并且封禁恶意用户. 首先安装fail2ban, 在Ubuntu/Debian下用apt-get一次搞定: Read more…

Categories: 开源软件 Tags: ,

WordPress 3.0 Update Network超时

September 1st, 2010 Comments off

最近将Blog升级到Wordpress 3.0. 新版本支持multisite模式, 我正好可以把几个Blog合并管理. 激活多站点模式后, WordPress管理菜单中新出现了Super Admin菜单, 下面包含Update菜单项, 在Wordpress升级后, 可以通过Update Network功能同时更新当前站点下的所有Blog.

不过最近使用Update Network功能从来没有成功过, 猜测是超时的问题. 我服务器使用的是nginx + php5-fpm, nginx的error.log中相关错误是ms-upgrade-network.php脚本产生的upstream timed out: Read more…

Categories: Wordpress Tags: , ,