我的网络服务器(apache2)不断受到恶意机器人的攻击,要求提供以下网址:
/blog/tag/pnPHPbb2//index.PHP?name=PNPHPBB2&file=posting&mode=quote/index.PHP?name=PNPHPBB2&file=viewtopic&p=34004/viewtopic.PHP?p=15&sid=be4c914eb746ac7c96beea717fdfc692/&highlight=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 301 //index.PHP?name=PNPHPBB2&file=posting&mode=quote/index.PHP?name=PNPHPBB2&file=viewtopic&p=34004/viewtopic.PHP?p=15&sid=be4c914eb746ac7c96beea717fdfc692/&highlight=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200 /wiki/index.PHP/Main:Some_Wiki_Pagename//index.PHP?name=PNPHPBB2&file=posting&mode=quote/index.PHP?name=PNPHPBB2&file=viewtopic&p=34004/viewtopic.PHP?p=15&sid=be4c914eb746ac7c96beea717fdfc692/&highlight=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200 /wiki/index.PHP//index.PHP?name=PNPHPBB2&file=posting&mode=quote/index.PHP?name=PNPHPBB2&file=viewtopic&p=34004/viewtopic.PHP?p=15&sid=be4c914eb746ac7c96beea717fdfc692/&highlight=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200 /blog/2009/01/title-of-post-here//index.PHP?name=PNPHPBB2&file=posting&mode=quote/index.PHP?name=PNPHPBB2&file=viewtopic&p=34004/viewtopic.PHP?p=15&sid=be4c914eb746ac7c96beea717fdfc692/&highlight=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 301
我想要一个夜间的cron进程找到任何请求“恶意”URL的主机,并将它们添加到等同于hosts.deny的HTTP.
我想可能会有一组定义恶意URL的正则表达式,以及一些apache插件可以轻松地让主机拒绝(无需每晚重启httpd).
有这样的事吗?
解决方法
http://www.modsecurity.org/可能会做你想要的.
