网站运行过程中一直伴随着黑客对端口和网站漏洞的扫描,有没有什么好方法可以一劳永逸?下面给大家介绍本站采用的一种处理办法:
黑客攻击的前期手段主要是端口扫描和漏洞地址试探。
对于端口扫描:
正常来讲,我们都是只开放需要的端口、关闭不需要的端口,但仍然无法避免端口被扫到。不如直接开放黑客喜欢扫描的端口(比如 3389、33899、555、888、666、8081、145)建立陷阱站,正常业务则使用其它端口;这些陷阱端口只要被访问,就拉黑访问者 IP。虽然可能有误杀,但正常用户不会去访问这些业务并未使用的端口。
对于漏洞地址试探:
利用 404 页面收集访问者信息,对有明显试探行为的访问者拉黑 IP,比如访问了下面这些路径的用户:data/cache/admin.php、/admin/login.php、/install/admins.php、/dede_admin/、/wp-content/、/web/wp-includes/、/wp-admin/
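下面是一段自动拉黑访问者 IP 的代码。使用时注意:用于拉黑的 IP 应取自连接的对端地址(REMOTE_ADDR),X-Forwarded-For、Client-IP 这类请求头可由客户端任意填写,只有在请求确实来自自己的反向代理时才可采信,否则他人可以借这个页面让你拉黑任意 IP: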
<?php
//需要安装系统的宝塔防火墙插件,并开启api调用 最好把访问ip加入白名单 127.0.0.1
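/**
 * Minimal client for the BT panel firewall plugin API, used to add or remove
 * dropped (blacklisted) IP addresses.
 *
 * Every request is authenticated with a timestamp plus a token derived from
 * the panel API key (see GetKeyData()).
 */
class btapi
{
    // Panel API key.
    // NOTE(review): a key embedded in a web-served PHP file, or published with
    // the listing, has to be treated as disclosed. Keep the real key in
    // configuration outside the document root and pass it to the constructor.
    private $BT_KEY = "eiOI9fsd4gr589hager15s4rg8517845yK";

    // Panel base URL, without the security-entrance path.
    private $BT_PANEL = "http://127.0.0.1:120";

    // Selects the plugin profile in $OS: 'win' or 'cen'.
    private $OS_LX = "win";

    // Plugin name and action names per platform profile.
    private $OS = [
        'win' => [
            'name' => 'win_firewalls',
            'get' => 'get_drop_ips',
            'add' => 'add_drop_ip',
            'del' => 'del_drop_ip',
        ],
        'cen' => [
            'name' => 'firewall',
            'get' => 'get_ip_rules_list',
            'add' => 'create_ip_rules',
            'del' => 'remove_ip_rules',
        ],
    ];

    /**
     * @param string|null $bt_panel Panel base URL; the built-in default is kept when empty.
     * @param string|null $bt_key   Panel API key; the built-in default is kept when empty.
     * @param string|null $os_lx    Plugin profile, 'win' or 'cen'; the default is kept when null.
     *
     * @throws InvalidArgumentException When $os_lx names no known profile.
     */
    public function __construct($bt_panel = null, $bt_key = null, $os_lx = null)
    {
        if ($bt_panel) {
            $this->BT_PANEL = $bt_panel;
        }
        if ($bt_key) {
            $this->BT_KEY = $bt_key;
        }
        if ($os_lx !== null) {
            if (!isset($this->OS[$os_lx])) {
                throw new InvalidArgumentException('Unknown plugin profile: ' . $os_lx);
            }
            $this->OS_LX = $os_lx;
        }
    }

    /**
     * Add an address to the firewall drop list.
     *
     * The value is forwarded to the panel as given, so callers that take it
     * from a request must validate it first.
     *
     * @param string $ip Address to block.
     * @param string $ps Remark stored with the rule; the address itself is used when empty.
     *
     * @return mixed Decoded JSON reply from the panel, or null when the request
     *               failed or the reply was not valid JSON.
     */
    public function adddropip($ip, $ps = '')
    {
        $remark = empty($ps) ? $ip : $ps;

        // Both plugin profiles are served by one payload: 'ip'/'ps' and
        // 'address'/'brief' carry the same values under different keys.
        return $this->callPlugin('add', [
            'ip' => $ip,
            'ps' => $remark,
            'address' => $ip,
            'types' => 'drop',
            'brief' => $remark,
        ]);
    }

    /**
     * Remove an address from the firewall drop list.
     *
     * @param string $ip Address to unblock.
     *
     * @return mixed Decoded JSON reply from the panel, or null when the request
     *               failed or the reply was not valid JSON.
     */
    public function deldropip($ip)
    {
        return $this->callPlugin('del', [
            'ip' => $ip,
            'address' => $ip,
            'types' => 'drop',
        ]);
    }

    /**
     * Send one plugin action for the active profile and decode the reply.
     *
     * @param string $op     Key into the profile's action table ('add', 'del', 'get').
     * @param array  $fields Action-specific POST fields.
     *
     * @return mixed Decoded JSON, or null on transport failure or invalid JSON.
     */
    private function callPlugin($op, array $fields)
    {
        $profile = $this->OS[$this->OS_LX];
        $payload = array_merge(
            ['name' => $profile['name'], 's' => $profile[$op]],
            $fields
        );
        $raw = $this->HttpPostCookie('/plugin?action=a', $payload);

        // curl_exec() yields false on failure; report that as null instead of
        // handing a non-string to json_decode().
        return is_string($raw) ? json_decode($raw, true) : null;
    }

    /**
     * Build the authentication fields sent with every panel request.
     *
     * The token is md5(request_time . md5(api_key)); presumably this format is
     * fixed by the panel API, so md5 here is protocol rather than a local
     * choice (confirm against the panel documentation).
     *
     * @return array{request_token: string, request_time: int}
     */
    private function GetKeyData()
    {
        $now_time = time();

        return [
            'request_token' => md5($now_time . '' . md5($this->BT_KEY)),
            'request_time' => $now_time,
        ];
    }

    /**
     * Tell whether the configured panel URL points at a literal loopback address.
     *
     * @return bool
     */
    private function panelIsLoopback()
    {
        $host = parse_url($this->BT_PANEL, PHP_URL_HOST);

        // Literal addresses only: a hostname could resolve elsewhere.
        return in_array($host, ['127.0.0.1', '[::1]'], true);
    }

    /**
     * POST form fields plus the authentication fields to the panel.
     *
     * @param string $url     Path and query appended to the panel base URL.
     * @param array  $data    POST fields.
     * @param int    $timeout Total request timeout in seconds.
     *
     * @return string|false Response body, or false when the transfer failed.
     */
    private function HttpPostCookie($url, $data = [], $timeout = 60)
    {
        $endpoint = $this->BT_PANEL . $url;
        $payload = array_merge($data, $this->GetKeyData());

        // The request carries a token derived from the API key, so certificate
        // checks stay on whenever the panel is not on the loopback interface.
        // Loopback is exempt because panels there commonly run a self-signed
        // certificate and the traffic never leaves the host.
        $verifyTls = !$this->panelIsLoopback();

        $ch = curl_init();
        curl_setopt_array($ch, [
            CURLOPT_URL => $endpoint,
            CURLOPT_TIMEOUT => $timeout,
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => $payload,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_HEADER => false,
            CURLOPT_SSL_VERIFYPEER => $verifyTls,
            CURLOPT_SSL_VERIFYHOST => $verifyTls ? 2 : 0,
        ]);

        $output = curl_exec($ch);
        if ($output === false) {
            error_log('btapi: panel request failed: ' . curl_error($ch));
        }
        curl_close($ch);

        return $output;
    }

    /**
     * Return the client address to act on.
     *
     * Client-IP and X-Forwarded-For are request headers that any client can
     * set, so acting on them lets a visitor have an arbitrary address banned
     * or keep their own out of the list. REMOTE_ADDR is therefore used unless
     * the connection comes from a reverse proxy listed in $trustedProxies; in
     * that case the right-most X-Forwarded-For hop that is not itself a
     * trusted proxy is returned.
     *
     * @param array $trustedProxies Addresses of reverse proxies whose
     *                              X-Forwarded-For header may be believed.
     *
     * @return string Client address, or '' when REMOTE_ADDR is not set.
     */
    public static function getIp(array $trustedProxies = [])
    {
        $peer = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
        if ($peer === '' || !in_array($peer, $trustedProxies, true)) {
            return $peer;
        }

        $chain = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';

        // Proxies append to the header, so the trustworthy entries are on the right.
        foreach (array_reverse(explode(',', $chain)) as $hop) {
            $hop = trim($hop);
            if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
                // Malformed entry: stop believing the header at this point.
                break;
            }
            if (!in_array($hop, $trustedProxies, true)) {
                return $hop;
            }
        }

        return $peer;
    }
}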
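// Trap page: the first hit records the client address, a repeat hit from the
// same address has it added to the panel firewall's drop list.
$api = new btapi();
$ip = btapi::getIp();

// NOTE(review): the list lives next to this script; if this directory is
// web-served, the file can be downloaded by anyone. Prefer a path outside the
// document root.
$listFile = __DIR__ . '/ip.json';

$raw = is_file($listFile) ? (string) file_get_contents($listFile) : '';
$iparr = preg_split('/\R/', $raw, -1, PREG_SPLIT_NO_EMPTY) ?: [];

// The address is stored, sent to the firewall API and echoed into HTML, so it
// is treated as untrusted: anything that is not a syntactically valid IP is
// ignored. Loopback is never banned, because the panel API itself is reached
// over it.
$isValidIp = filter_var($ip, FILTER_VALIDATE_IP) !== false;
$isLoopback = in_array($ip, ['127.0.0.1', '::1'], true);

if ($isValidIp && !$isLoopback) {
    if (in_array($ip, $iparr, true)) {
        if ($api->adddropip($ip, '来自端口测试' . date("Ymd H:i:s")) === null) {
            error_log('honeypot: firewall API call failed for ' . $ip);
        }
    } else {
        // Append under an exclusive lock instead of rewriting the whole file,
        // so concurrent hits cannot truncate or interleave the list. A list
        // written without a trailing newline gets a separator first.
        $separator = ($raw === '' || substr($raw, -1) === "\n") ? '' : "\n";
        if (file_put_contents($listFile, $separator . $ip . "\n", FILE_APPEND | LOCK_EX) === false) {
            error_log('honeypot: cannot write ' . $listFile);
        }
    }
}

echo '禁止访问,刷新或者继续访问到此页面将会加黑ip!请立即关闭此页面,并不在访问!<br>';
echo '缓存IP列表:<br>';
// NOTE(review): this shows other visitors' addresses to whoever hits the trap;
// consider dropping the listing. Entries are HTML-escaped because the file's
// contents originate from request data.
echo implode('<br>', array_map(
    function ($entry) {
        return htmlspecialchars($entry, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    },
    $iparr
));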