logging - 如何创建一个 nginx 规则来阻止对网络服务器的扫描？

Question

我刚刚发现有人试图扫描我的网络服务器以破解用户的密码。我怎样才能阻止这种访问？

171.12.148.114 - - [14/Oct/2013:09:48:01 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""174.44.72.5"
171.12.148.114 - - [14/Oct/2013:09:48:01 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""106.4.59.6"
171.12.148.114 - - [14/Oct/2013:09:48:01 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""14.17.60.6"
171.12.148.114 - - [14/Oct/2013:09:48:01 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""220.44.43.6"
171.12.148.114 - - [14/Oct/2013:09:48:01 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""174.44.72.6"
171.12.148.114 - - [14/Oct/2013:09:48:01 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""106.4.59.7"
171.12.148.114 - - [14/Oct/2013:09:48:01 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""220.44.43.7"
171.12.148.114 - - [14/Oct/2013:09:48:01 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""14.17.60.7"
171.12.148.114 - - [14/Oct/2013:09:48:01 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""174.44.72.7"
171.12.148.114 - - [14/Oct/2013:09:48:01 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""106.4.59.8"
171.12.148.114 - - [14/Oct/2013:09:48:01 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""220.44.43.8"
171.12.148.114 - - [14/Oct/2013:09:48:02 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""14.17.60.8"
171.12.148.114 - - [14/Oct/2013:09:48:02 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""174.44.72.8"
171.12.148.114 - - [14/Oct/2013:09:48:02 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""220.44.43.9"
171.12.148.114 - - [14/Oct/2013:09:48:02 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""106.4.59.9"
171.12.148.114 - - [14/Oct/2013:09:48:02 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""174.44.72.9"
171.12.148.114 - - [14/Oct/2013:09:48:02 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""14.17.60.9"
171.12.148.114 - - [14/Oct/2013:09:48:02 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""220.44.43.10"
171.12.148.114 - - [14/Oct/2013:09:48:02 +0800] "POST /forummember.php?mod=logging&action=login&loginsubmit=yes&loginhash=&inajax=1 HTTP/1.1" 302 154 "-" "Mozilla/ 4.0（兼容；Win32；WinHttp.WinHttpRequest.5）""106.4.59.10"

score 0 · Accepted Answer

您可以使用以下模块通过 IP 限制请求和连接的数量：

ngx_http_limit_req_module或ngx_http_limit_conn_module

另外建议使用naxsi：https ://github.com/nbs-system/naxsi

NAXSI 表示 Nginx Anti Xss & Sql Injection。

logging - 如何创建一个 nginx 规则来阻止对网络服务器的扫描？

1 回答 1

Related

Reference