Securing a web server against attacks

It happens that the website you administer sits on an ordinary shared hosting server where you have no access to any logs. It also happens that the script the site is built on is encoded, e.g. with IonCube. In the event of an attack you have practically no way to find its cause: whether it resulted from a poorly secured server or from a buggy script. Contacting the hosting provider and the software vendor usually ends with the statement "everything is fine on our side". Can you counter such attacks on your own in some way? Are we able to defend against this at all?

"The site has been blocked for carrying out attacks …" sound familiar? The situation is not as hopeless as it might seem at first, and as long as the hosting provider has not blocked our access to .htaccess, we can defend ourselves in a certain, albeit limited, way. I leave aside attacks on the server infrastructure here and focus on direct attacks on our site.

Below I include such a firewall; it should always be adapted to the given site. If something does not work or a 500 error appears, the culprit is always some rule that should be disabled or modified for that particular site. You may also have to adapt the names of directories and images on your site to certain specific requirements: use only lowercase letters, digits, hyphens and underscores. Do not use special characters: no dots, exclamation marks, commas, parentheses, Polish characters, spaces or anything of that kind. The firewall below blocks them, and the result will be an image that does not display.


###firewall oduk.pl###
# Protect the .htaccess file itself. The original listing shows only the two
# directives; the <Files> container around them is assumed here, because on
# their own "order allow,deny" + "deny from all" would apply to the whole site.
<Files .htaccess>
order allow,deny
deny from all
</Files>

ServerSignature Off
LimitRequestBody 10240000
Options -Indexes
Order allow,deny
Allow from all
Deny from 188.92.75.82
Deny from 195.211.154.172
Deny from 195.211.154.175
Deny from 195.211.155.210
Deny from 210.97.192.0/24
Deny from 220.248.0.0/16
Deny from 42.62.37.0/24
Deny from 62.210.113.18
Deny from 62.210.114.10
Deny from 62.210.146.7
Deny from 76.164.226.26
Deny from 91.200.12.66
RewriteEngine On
# crawlers and scrapers refused by User-Agent (one RewriteCond per line, chained with OR)
RewriteCond %{HTTP_USER_AGENT} ^bingbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Yahoo! [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Yeti [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^KSCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Baiduspider+ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^YandexBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^YandexBot^ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Morfeus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^200PleaseBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^4seohuntBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^80legs [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^AMZNKAssocBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Aboundexbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^AboutUsBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Abrave [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Accelobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^AcoonBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^AddThis [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^AhrefsBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Amagit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^AntBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Apercite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^AportWorm [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^AppEngine-Google [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^AraBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Automattic [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BDFetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BLEXBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BabalooSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BacklinkCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Baiduspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Blekkobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BlinkaCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BlogPulse [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BotOnParade [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Browsershots [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Butterfly [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CCBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CamontSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CareerBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Castabot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CatchBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ChangeDetection [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Charlotte [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CirrusExplorer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CligooRobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CloudServerMarketSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CompSpyBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CorpusCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Covario [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Crawler4j [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Crowsnest [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DBLBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DCPbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DKIMRepBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Daumoa [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DomainDB [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DotBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DripfeedBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EasyBib [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EdisterBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Esribot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EuripBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Eurobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EventGuruBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EvriNid [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Exabot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Ezooms [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FairShare [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Falconsbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FauBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FeedCatBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FlightDeckReportsBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FlipboardProxy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Flocke [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FollowSite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Fooooo_Web_Video_Crawl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FyberSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GOFORITBOT [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Gaisbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GarlikCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GeliyooBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Genieo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Gigabot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GingerCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Girafabot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Grahambot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GrapeshotCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GurujiBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Hailoobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HatenaScreenshot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HeartRails_Capture [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Holmes [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HolmesBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HomeTags [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HostTracker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HuaweiSymantecSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HubSpot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ICC [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Influencebot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Infohelfer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^IntegromeDB [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^IstellaBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JadynAveBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JikeSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Jyxobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Kalooga [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Karneval [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^KeywordDensityRobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LemurWebCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LexxeBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Lijit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LinguaBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Linguee [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkAider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MIA [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MLBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MSRBOT [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MeMoNewsBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MnoGoSearch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MojeekBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Motoricerca [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mp3Bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NCbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NLNZ_IAHarvester2013 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NaverBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NerdByNature [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetResearchServer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetcraftSurveyAgent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Netseer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NextGenSearchBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Nuhk [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Nutch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Nymesis [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Ocelli [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^OpenCalaisSemanticProxy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^OpenWebSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^OpenindexSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^OrgbyBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^OsObot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PagePeeker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Panscient [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PaperLiBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ParchBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Peepowbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Peew [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PiplBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Pixray [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Plukkie [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Pompos [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PostPost [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ProCogBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ProCogSEOBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Qirina [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Qseero [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Qualidator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^QuerySeekerSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^RankurBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Robots_Tester [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Robozilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Ronzoobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Ruky [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^RyzeCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SBIder [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SBSearch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SEODat [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SEOENGBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SEOkicks [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SSLBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SWEBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SanszBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Scarlett [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Scooter [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ScoutJet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Search17Bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SearchmetricsBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Semager [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SemrushBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Setoozbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SeznamBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Shelob [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ShopWiki [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ShowyouBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Snapbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SniffRSS [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SolomonoBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Sosospider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Speedy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SpiderLing [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Spinn3r [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SquigglebotBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^StackRambler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^StatoolsBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Steeler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Strokebot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Surphace [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SurveyBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SygolBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Szukacz [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Tagoobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Technoratibot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^TinEye [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Topicbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Toread [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Touche [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^TurnitinBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^TwengaBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Twice [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Twiceler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Twikle [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^UASlinkChecker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^UnisterBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^UnwindFetchor [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Updownerbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^UptimeDog [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^UptimeRobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Urlfilebot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Vagabondo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^VideoSurf_bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Visbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^VoilaBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WASALive [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WBSearchBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WMCAI_robot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WatchMouse [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebImages [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebNL [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebRankSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Whoismindbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WikioFeedBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WillyBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WinWebBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Woko [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Wotbox [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^XmarksFetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^YRSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Yaanb [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Yanga [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^YioopBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^YodaoBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^YottaShopping_Bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^YoudaoBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^YowedoBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ZookaBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Zookabot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ZumBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^abby [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^adidxbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^aiHitBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^akula [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^amibot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^arachnode [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^baiduspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^baypup [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^bitlybot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^biwec [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^bixocrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^botmobi [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^cityreview [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^coccoc [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^discoverybot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^dotSemantic [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^drupact [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^emefgebot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^envolk [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^facebookplatform [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^factbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^fastbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^findlinks [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^firmilybot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^gonzo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^heritrix [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^iCjobs [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ichiro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^imbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^java [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^linkdex [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^livedoor [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^magpie [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^meanpathbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^moba [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^netEstate [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^nodestackbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^nworm [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^oBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^page_verifier [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^peerindex [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^percbotspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^proximic [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^quickobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^rogerbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^sistrix [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^sitebot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^spbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^suggybot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^taptubot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^trendictionbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^uMBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^urlfan [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^voyager [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webcrawl.net [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webinatorbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webmastercoffee [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^wikiwix [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^woriobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^wsAnalyzer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^wscheck [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^yacybot [NC]
RewriteRule ^(.*)$ - [F,L]

RewriteEngine On
# refuse the TRACE and TRACK methods
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

# refuse POST requests that arrive through a proxy (any proxy-related header present)
RewriteCond %{REQUEST_METHOD} ^POST
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_HOST} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
# closing rule for the conditions above; it is missing from the original listing, and
# without it the conditions would silently attach to the next RewriteRule in the file
RewriteRule .* - [F]

# query strings carrying remote URLs, mosConfig/globals overrides or SQL keywords
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(request|insert|union|declare|drop) [NC]
RewriteRule ^(.*)$ - [F,L]

# characters that are never a legitimate part of a URL path on this site; these rules
# are the reason directory and file names must stick to a-z, 0-9, "-" and "_"
# (regex metacharacters are escaped; unescaped "[", "|" or ".." would break the regex
# or match every request)
RedirectMatch 403 \,
RedirectMatch 403 :
RedirectMatch 403 \;
RedirectMatch 403 \=
RedirectMatch 403 \@
RedirectMatch 403 \[
RedirectMatch 403 \]
RedirectMatch 403 \^
RedirectMatch 403 `
RedirectMatch 403 \{
RedirectMatch 403 \}
RedirectMatch 403 \~
RedirectMatch 403 \"
RedirectMatch 403 \$
#RedirectMatch 403 \<
#RedirectMatch 403 \>
RedirectMatch 403 \|
RedirectMatch 403 \.\.
RedirectMatch 403 \%0
RedirectMatch 403 \%A
RedirectMatch 403 \%B
RedirectMatch 403 \%C
RedirectMatch 403 \%D
RedirectMatch 403 \%E
RedirectMatch 403 \%F
RedirectMatch 403 \%22
RedirectMatch 403 \%27
RedirectMatch 403 \%28
RedirectMatch 403 \%29
RedirectMatch 403 \%3C
RedirectMatch 403 \%3E
RedirectMatch 403 \%3F
RedirectMatch 403 \%5B
RedirectMatch 403 \%5C
RedirectMatch 403 \%5D
RedirectMatch 403 \%7B
RedirectMatch 403 \%7C
RedirectMatch 403 \%7D

# COMMON PATTERNS

RedirectMatch 403 _vpi
RedirectMatch 403 \.inc
RedirectMatch 403 xAou6
RedirectMatch 403 db_name
RedirectMatch 403 select\(
RedirectMatch 403 convert\(
RedirectMatch 403 \/query\/
RedirectMatch 403 ImpEvData
RedirectMatch 403 \.XMLHTTP
RedirectMatch 403 proxydeny
RedirectMatch 403 function\.
RedirectMatch 403 remoteFile
RedirectMatch 403 servername
RedirectMatch 403 \&rptmode\=
RedirectMatch 403 sys_cpanel
RedirectMatch 403 db_connect
RedirectMatch 403 doeditconfig
RedirectMatch 403 check_proxy
RedirectMatch 403 system_user
RedirectMatch 403 \/\(null\)\/
RedirectMatch 403 clientrequest
RedirectMatch 403 option_value
RedirectMatch 403 ref\.outcontrol

# SPECIFIC EXPLOITS

RedirectMatch 403 errors\.
RedirectMatch 403 config\.
RedirectMatch 403 include\.
RedirectMatch 403 display\.
RedirectMatch 403 register\.
RedirectMatch 403 password\.
RedirectMatch 403 maincore\.
RedirectMatch 403 authorize\.
RedirectMatch 403 macromates\.
RedirectMatch 403 head_auth\.
RedirectMatch 403 submit_links\.
RedirectMatch 403 change_action\.
RedirectMatch 403 com_facileforms\/
RedirectMatch 403 admin_db_utilities\.
RedirectMatch 403 admin\.webring\.docs\.
RedirectMatch 403 Table\/Latest\/index\.
# 6G:[QUERY STRINGS]

RewriteEngine On
RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000}) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
RewriteRule .* - [F]

# 6G:[REQUEST METHOD]

RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC]
RewriteRule .* - [F]

# 6G:[REFERRERS]

RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000}) [NC,OR]
RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
RewriteRule .* - [F]

# 6G:[REQUEST STRINGS]

RedirectMatch 403 (?i)([a-z0-9]{2000})
RedirectMatch 403 (?i)(https?|ftp|php):/
RedirectMatch 403 (?i)(base64_encode)(.*)(\()
RedirectMatch 403 (?i)(=\'|=\%27|/\'/?)\.
RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&amp;?)/?$
RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")
RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)
RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$

# 6G:[USER AGENTS]

SetEnvIfNoCase User-Agent ([a-z0-9]{2000}) bad_bot
SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot
Order Allow,Deny
Allow from all
Deny from env=bad_bot

# 5G:[QUERY STRINGS]

RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]

# 5G:[USER AGENTS]

SetEnvIfNoCase User-Agent ^$ keep_out

SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
Order Allow,Deny
Allow from all
Deny from env=keep_out

# 5G:[REQUEST STRINGS]

RedirectMatch 403 (https?|ftp|php)://
RedirectMatch 403 /(https?|ima|ucp)/
RedirectMatch 403 /(Permanent|Better)$
RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\|\|\\\"\\\")
RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107_)
RedirectMatch 403 (eval\(|_vti_|\(null\)|echo.*kae|config\.xml)
RedirectMatch 403 \.well-known/host-meta
RedirectMatch 403 /function\.array-rand
RedirectMatch 403 \)\;\$\(this\)\.html\(
RedirectMatch 403 proc/self/environ
RedirectMatch 403 msnbot\.htm\)\._
RedirectMatch 403 /ref\.outcontrol
RedirectMatch 403 com_cropimage
RedirectMatch 403 indonesia\.htm
RedirectMatch 403 \{\$itemURL\}
RedirectMatch 403 function\(\)
RedirectMatch 403 labels\.rdf
RedirectMatch 403 /playing\.php
RedirectMatch 403 muieblackcat

# 5G:[REQUEST METHOD]

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

###Firewall end###

A small note: the rules marked 5G and 6G are part of the firewall available at https://perishablepress.com/5g-blacklist-2013/ and https://perishablepress.com/6g/, and they are updated from time to time, so it is worth visiting those pages periodically and applying any corrections to our .htaccess file.
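The introduction says that a 500 error or a missing image always comes down to one rule that must be found and disabled. As an added example (not code from the original post, nor from Perishable Press), the Python script below automates that search offline: it pulls every `RedirectMatch 403` pattern and every `RewriteCond %{QUERY_STRING}` pattern out of an .htaccess text, compiles each one, reports patterns that do not compile (the usual cause of a site-wide 500), and lists which rule would reject a given request path or query string. The excerpt it works on is a constructed sample in the same shape as the firewall above, and Python's `re` is only an approximation of Apache's PCRE, so the server itself remains the final check.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in the same shape as the firewall above. The last line is
# deliberately broken (unbalanced parenthesis): in Apache a single pattern like
# that makes every request to the directory fail with a 500 error.
HTACCESS_EXCERPT = r"""
# special characters in the request path
RedirectMatch 403 \,
RedirectMatch 403 \[
RedirectMatch 403 \.\.
RedirectMatch 403 (?i)\.(aspx?|bak?|cfg|ini|log|sql)$
# query-string rules
RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
RewriteRule .* - [F]
# deliberately broken (unbalanced parenthesis), the classic cause of a 500 error
RedirectMatch 403 select(
"""

# Directive shapes this checker understands; everything else (comments, Deny,
# RewriteRule, SetEnvIf) is skipped.
REDIRECT_RE = re.compile(r"^\s*RedirectMatch\s+403\s+(\S+)\s*$", re.IGNORECASE)
QUERY_COND_RE = re.compile(
    r"^\s*RewriteCond\s+%\{QUERY_STRING\}\s+(\S+)(?:\s+\[([A-Z,]+)\])?\s*$",
    re.IGNORECASE)


@dataclass
class Rule:
    line_no: int                  # line in the .htaccess text (1-based)
    target: str                   # "path" (RedirectMatch) or "query" (RewriteCond QUERY_STRING)
    pattern: str                  # regex text exactly as written in the file
    regex: Optional[re.Pattern]   # compiled pattern, or None when it does not compile
    error: Optional[str]          # compile error for broken patterns


def parse_rules(text: str) -> list:
    """Extract path and query-string rules, compiling each pattern once."""
    rules = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = REDIRECT_RE.match(line)
        if m:
            target, pattern, flags = "path", m.group(1), ""
        else:
            m = QUERY_COND_RE.match(line)
            if not m:
                continue
            target, pattern, flags = "query", m.group(1), m.group(2) or ""
        # the NC flag on a RewriteCond means case-insensitive matching
        re_flags = re.IGNORECASE if "NC" in flags.upper().split(",") else 0
        try:
            compiled, error = re.compile(pattern, re_flags), None
        except re.error as exc:
            compiled, error = None, str(exc)
        rules.append(Rule(line_no, target, pattern, compiled, error))
    return rules


def broken_rules(rules) -> list:
    """Rules whose regex does not compile: fix or comment these out first."""
    return [r for r in rules if r.regex is None]


def matching_rules(rules, path: str, query: str = "") -> list:
    """Rules that would reject this request. Path rules are tried against the
    URL path, query rules against the raw query string, mirroring mod_alias and
    mod_rewrite respectively."""
    hits = []
    for r in rules:
        if r.regex is None:
            continue
        subject = path if r.target == "path" else query
        if r.regex.search(subject):
            hits.append(r)
    return hits


def explain(rules, path: str, query: str = "") -> str:
    """One-line verdict naming the file line and pattern of every matching rule."""
    request = f"{path}?{query}" if query else path
    hits = matching_rules(rules, path, query)
    if not hits:
        return f"{request}: allowed"
    return f"{request}: blocked by " + "; ".join(
        f"line {r.line_no} ({r.target} rule {r.pattern})" for r in hits)


if __name__ == "__main__":
    rules = parse_rules(HTACCESS_EXCERPT)
    for r in broken_rules(rules):
        print(f"line {r.line_no}: pattern {r.pattern!r} does not compile: {r.error}")
    for path, query in [("/gallery/photo,1.jpg", ""), ("/gallery/photo-1.jpg", ""),
                        ("/backup.sql", ""), ("/index.php", "id=1' union select 1"),
                        ("/index.php", "file=../../etc/passwd")]:
        print(explain(rules, path, query))
```

To use it on your own site, replace HTACCESS_EXCERPT with the contents of your .htaccess and feed in the paths that fail: a request such as /gallery/photo,1.jpg is reported as blocked by the `\,` rule, which is precisely the naming restriction described in the introduction, while a pattern that does not compile points at the rule behind a site-wide 500.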

3 thoughts on "Securing a web server against attacks"

  1. It isn't designed for a specific CMS, but if it throws a 500 error or you notice that something on the site doesn't quite work, you'll have to comment out the individual rules of this firewall one by one and track down which one causes the problem. It may be a bit of work, but I think it's worth it.
