Filtering tedious pingback CC requests with nginx
# `~*` is a case-insensitive regex match, so the "PHP|php" pair is redundant but harmless.
if ($http_user_agent ~* "(ApacheBench|pingback|WordPress|MJ12bot|AhrefsBot|360JK|PHP|php|Jorgee)") { return 101; }
# Requests that send no User-Agent at all.
if ($http_user_agent = "") { return 101; }
# Exact matches on the raw request line: bare POSTs that no real client of this site sends.
# (nginx's non-standard code 444 closes the connection without any response, if you prefer that to 101.)
if ($request = "POST /reg.html HTTP/1.1") { return 400; }
if ($request = "POST / HTTP/1.1") { return 400; }
if ($request = "POST / HTTP/1.0") { return 400; }
if ($request = "POST // HTTP/1.0") { return 400; }
nginx checks the User-Agent and filters out some brain-dead CC (HTTP-flood) requests directly; I'm posting it here as a ready-to-use snippet.
It also shatters the delusion of certain people who think jabbing their little pecker into the dirt means they've ** the planet.
Add the snippet to your nginx config, then reload or restart. You can test it on yourself using WordPress's pingback vulnerability; the entries in the log with status 101 are the ones that were blocked.
You can change status code 101 to 400 if you like.
Brain-dead CC like this doesn't deserve a second look, yet there are always people who knock over some newbie and think they're hot stuff.
After filtering, the log basically looks like this:
107.170.247.241 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/4.5; http://www.rotaryclubchengdu.org; verifying pingback from 185.130.4.197"
107.170.247.241 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/4.5; http://www.rotaryclubchengdu.org; verifying pingback from 185.130.4.197"
107.170.247.241 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/4.5; http://www.rotaryclubchengdu.org; verifying pingback from 185.130.4.197"
198.104.59.63 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.5.1; http://www.guero.com"
92.51.134.237 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.0.4; http://www.onlinespiele24.at"
72.249.104.30 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.0; http://snapecast.com"
54.162.238.38 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.5.2; http://agilepoint.com"
72.249.104.30 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.0; http://snapecast.com"
208.78.97.111 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.0; http://circle-of-life.ca"
184.168.108.6 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.1.2; http://www.rbunited.com"
205.186.151.135 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.5.1; http://bradpowellonline.com"
67.219.60.120 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.1.3; http://easyhomefix.com"
208.78.97.111 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.0; http://circle-of-life.ca"
Add to iptables
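As an added example (not code from the original post), here is a small Python script that triages the access log produced by the filter above. It parses lines in the post's log format (client IP, two dashes, quoted request line, status, bytes, quoted referer, quoted User-Agent, with no timestamp field, which is an assumption taken from the listing), counts 101 responses per reflector IP, pulls the "verifying pingback from <ip>" address out of the WordPress User-Agent (WordPress fills that field with the address of the client that submitted the pingback.ping XML-RPC call, so it points at the party steering the flood rather than at the abused blog), and emits iptables DROP rules for the noisiest reflectors, the "add to iptables" step the post ends on. The sample lines are constructed from the post's own listing plus one ordinary visitor line and one junk line. Note that the `WordPress` pattern in the nginx rule also matches legitimate pingbacks and, if the filtered host itself runs WordPress, its own loopback WP-Cron requests, which use the same default User-Agent.

```python
import re
from collections import Counter

# Matches the log format shown in the post (no timestamp field). Assumption: the
# access log was written with a custom log_format that omits $time_local.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - - "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"\s*$'
)
# WordPress appends "; verifying pingback from <REMOTE_ADDR>" to its User-Agent
# when it fetches the source URL named in a pingback.ping call. That address is
# the client that submitted the pingback, i.e. the origin of the flood.
PINGBACK_RE = re.compile(r"verifying pingback from (?P<origin>\S+)")

# Constructed sample: lines from the post's listing plus one normal visitor
# (203.0.113.5 is a documentation address) and one line that is not a log entry.
SAMPLE_LOG = """\
107.170.247.241 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/4.5; http://www.rotaryclubchengdu.org; verifying pingback from 185.130.4.197"
107.170.247.241 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/4.5; http://www.rotaryclubchengdu.org; verifying pingback from 185.130.4.197"
107.170.247.241 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/4.5; http://www.rotaryclubchengdu.org; verifying pingback from 185.130.4.197"
198.104.59.63 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.5.1; http://www.guero.com"
72.249.104.30 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.0; http://snapecast.com"
72.249.104.30 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.0; http://snapecast.com"
208.78.97.111 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.0; http://circle-of-life.ca"
208.78.97.111 - - "GET /login.php HTTP/1.0" 101 0 "-" "WordPress/3.0; http://circle-of-life.ca"
203.0.113.5 - - "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (constructed normal visitor)"
not a log line at all
"""


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    pb = PINGBACK_RE.search(rec["ua"])
    rec["pingback_origin"] = pb.group("origin") if pb else None
    return rec


def summarize(log_text, blocked_status=101):
    """Count blocked hits per reflector IP and per pingback origin address."""
    reflectors = Counter()
    origins = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != blocked_status:
            continue  # unparseable line, or a request the filter let through
        reflectors[rec["ip"]] += 1
        if rec["pingback_origin"]:
            origins[rec["pingback_origin"]] += 1
    return reflectors, origins


def iptables_rules(reflectors, min_hits=2):
    """Build iptables DROP rules for reflectors seen at least min_hits times.

    Dropping at the firewall spares nginx the TCP handshake that the 101 answer
    still has to complete; the threshold avoids banning a one-off visitor.
    """
    return [f"iptables -I INPUT -s {ip} -j DROP"
            for ip, n in reflectors.most_common() if n >= min_hits]


if __name__ == "__main__":
    refl, orig = summarize(SAMPLE_LOG)
    print("blocked hits per reflector:", refl.most_common())
    print("pingback origins (likely flood source):", orig.most_common())
    for rule in iptables_rules(refl):
        print(rule)
```

Run it against a real log with `summarize(open("/var/log/nginx/access.log").read())`; the reflector list tells you which abused WordPress sites to rate-limit or drop, and the origin list is the more useful thing to report upstream, since the reflectors are third-party blogs doing exactly what pingback tells them to do.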