分类: 网络与安全
2009-09-20 11:35:18
为了尽量减少网站被注入的可能,注意以下三点:
1、尽可能不用开源的东西,开源的东西可以借鉴一下好的地方,但是不要全部搬过来
2、自己写程序时,尽量细心,不要给自己的网站留有被黑的可能,这个还是去研究一下SQL注入吧
3、经常检查web服务器日志和自己的程序文件,看看有没有被尝试注入和可疑文件。
前两者好说,现在把监控服务器脚本共享给大家,有意见请联系:,一起探讨
#check hacker and warn
#by alei
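# Percent-encode every byte of a string so it can be placed in a URL query.
# Arguments: $1 - string to encode
# Outputs:   one line on stdout with "%xx" (lower-case hex) for each input byte
function urlencode(){
  local hex
  # printf instead of "echo -n": echo treats a value such as "-n" or "-e" as
  # an option and prints nothing. od -v turns off duplicate-line folding
  # ("*"), and the hex digits are regrouped by sed so the result no longer
  # depends on od's line width (the old -w1000 put a newline into the output
  # for inputs longer than 1000 bytes).
  hex=$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n' | sed 's/../%&/g')
  printf '%s\n' "$hex"
}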
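# Print the MD5 hex digest of a string.
# Arguments: $1 - string to hash (hashed byte-for-byte, no trailing newline)
# Outputs:   32 hex characters on stdout
# Returns:   non-zero if md5sum fails
# NOTE(review): the caller uses this digest as a request signature; MD5 over
# "data + key" is not a real MAC. Presumably the alert endpoint requires this
# exact form - confirm, and prefer an HMAC if the endpoint can be changed.
function md5(){
  local digest
  # Quote the argument and use printf: the unquoted "echo -n $1" collapsed
  # runs of whitespace, expanded globs and mishandled values such as "-n",
  # so the digest could differ from the one computed by the receiving side.
  digest=$(printf '%s' "$1" | md5sum) || return
  # md5sum prints "<digest>  -"; keep only the digest.
  printf '%s\n' "${digest%% *}"
}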
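# Format the time that lies a whole number of hours before now.
# Arguments: $1 - date(1) format string, without the leading "+"
#            $2 - number of hours to go back (integer; negative = future)
# Outputs:   the formatted time on stdout
# Returns:   1 if $2 is not an integer, otherwise the status of date(1)
function getDateHourBefore(){
  local sign=1 digits=$2 now target
  if [[ $digits == -* ]]; then
    sign=-1
    digits=${digits#-}
  fi
  # Validate before doing arithmetic: shell arithmetic evaluates its operand
  # as an expression, so only plain digits may reach it.
  if ! [[ $digits =~ ^[0-9]+$ ]]; then
    printf 'getDateHourBefore: hour offset must be an integer: %s\n' "$2" >&2
    return 1
  fi
  now=$(date +%s) || return
  # 10# forces base 10 so an offset such as "08" is not read as octal.
  # Shell arithmetic replaces the former call to bc.
  target=$(( now - sign * 3600 * 10#$digits ))
  # Quoted so a format containing spaces is printed unchanged.
  date -d "@$target" +"$1"
}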
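# Search access logs for a pattern and append every hit to a report file.
# Arguments: $1 - whitespace-separated list of log path prefixes; every file
#                 whose name starts with a prefix is scanned
#            $2 - basic regular expression, matched case-insensitively
#            $3 - report file to append to
# Outputs:   "1" on stdout if any file matched, otherwise "0"
# Note:      a literal pattern only finds requests that contain it verbatim;
#            encoded or obfuscated payloads will not match, so "0" means
#            "nothing obvious", not "clean".
function checkLogs(){
  local result="0" pattern=$2 report=$3
  local prefix logfile hits
  local -a prefixes=()
  local IFS=$' \t\n'
  # The caller passes the array joined into one string; split it again
  # without letting the shell glob-expand the individual entries.
  read -r -d '' -a prefixes <<< "$1" || true
  for prefix in "${prefixes[@]}"; do
    for logfile in "$prefix"*; do
      if [ -e "$logfile" ]; then
        # grep -i on the raw file instead of "tr | sed /$2/p": the pattern is
        # no longer spliced into a sed program (a "/" in it broke the
        # script), and the matched lines are kept in their original case so
        # the report shows the request exactly as it was logged.
        # -a keeps grep printing lines even if the log contains NUL bytes.
        hits=$(grep -a -i -e "$pattern" -- "$logfile")
        if [ -n "$hits" ]; then
          result="1"
          # Log lines are attacker-influenced: print them with %s so that
          # backslash sequences are written literally ("echo -e" used to
          # interpret them).
          printf 'start in %s\n%s\nend\n\n' "$logfile" "$hits" >> "$report"
        fi
      else
        # An unmatched glob stays literal and ends up here.
        printf '%s not exists\n\n' "$logfile" >> "$report"
      fi
    done
  done
  printf '%s\n' "$result"
}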
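# Search the PHP files under each web root for marker strings and append
# every hit to a report file.
# Arguments: $1 - whitespace-separated list of directories to scan
#            $2 - whitespace-separated list of patterns (basic regular
#                 expressions, matched case-insensitively)
#            $3 - report file to append to
# Outputs:   "1" on stdout if any file matched, otherwise "0"
# Note:      only files named *.php are inspected; a dropped file with
#            another extension is not seen by this check.
function checkVitrualFies(){
  local result="0" report=$3
  local root key hits
  local -a roots=() keys=()
  local IFS=$' \t\n'
  # Both lists arrive as arrays joined into one string; split them again.
  read -r -d '' -a roots <<< "$1" || true
  read -r -d '' -a keys <<< "$2" || true
  for root in "${roots[@]}"; do
    if [ -e "$root" ]; then
      for key in "${keys[@]}"; do
        # -e/-- keep a key or file name that starts with "-" from being read
        # as a grep option; "{} +" runs grep once per batch of files instead
        # of once per file. -H keeps the file name in front of every hit.
        hits=$(find "$root" -type f -name "*.php" -exec grep -iH -e "$key" -- {} +)
        if [ -n "$hits" ]; then
          result="1"
          # File content is untrusted: %s writes it literally, where
          # "echo -e" used to interpret its backslash sequences.
          printf 'start in %s\n%s\nend\n\n' "$root" "$hits" >> "$report"
        fi
      done
    else
      printf '%s not exists\n\n' "$root" >> "$report"
    fi
  done
  printf '%s\n' "$result"
}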
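# ---- main: scan the two most recent hourly access logs, then the web roots,
# ---- and raise an alert if either check found something.

# Read the clock once so that every field describes the same instant; five
# separate date calls could straddle an hour or day boundary.
now=$(date +%s)
year=$(date -d "@$now" +%Y)
month=$(date -d "@$now" +%m)
date=$(date -d "@$now" +%d)
hour=$(date -d "@$now" +%H)
#hacker tag
checkResult="0"
logFile="/opt/www/logs/checkHacker/newcheck.log"
# The banner is written as one line. On the page the command was wrapped
# across three lines, leaving ">>" without a target, which does not parse.
printf '%s\n' "=================================start at $year-$month-$date $hour:$(date -d "@$now" +%M:%S)=================================" >> "$logFile"
printf 'starting check log...\n' >> "$logFile"
#key
searchkey="union.*select"
#log file: the current hour and the previous hour
logs[0]="/var/lib/www/logs/$year/$month/${date}_$hour"
logs[1]="/var/lib/www/logs/$(getDateHourBefore %Y/%m/%d_%H 1)"
#check logs
checkResult=$(checkLogs "${logs[*]}" "$searchkey" "$logFile")
#check vitrual file
printf 'starting check vitrual files ...\n' >> "$logFile"
#check files
# NOTE(review): entries 1, 5 and 7 are the bare "/var/lib/www/"; they look
# truncated on the page. As written they rescan the whole tree three times
# and cover the other entries as well - confirm the intended directories.
vitrualPaths[0]="/var/lib/www/dd.kaiyuanba.cn"
vitrualPaths[1]="/var/lib/www/"
vitrualPaths[2]="/var/lib/www/in.erkaiyuanba.cn"
vitrualPaths[3]="/var/lib/www/gt.kaiyuanba.cn"
vitrualPaths[4]="/var/lib/www/in.sg.kaiyuanba.cn"
vitrualPaths[5]="/var/lib/www/"
vitrualPaths[6]="/var/lib/www/in.rr.kaiyuanba.cn"
vitrualPaths[7]="/var/lib/www/"
vitrualKeys[0]="Sniper"
vitrualKeys[1]="4ngel"
# Always capture the file-check result and OR it into the log-check result.
# The earlier form let the function print a stray "0"/"1" to stdout whenever
# the log check had already found something.
fileResult=$(checkVitrualFies "${vitrualPaths[*]}" "${vitrualKeys[*]}" "$logFile")
if [ "$fileResult" = "1" ]; then
  checkResult="1"
fi
#check tag and send mail or message
if [ "$checkResult" = "1" ]; then
  # "xxxx" is the placeholder shown on the page. Keep the real shared secret
  # out of the script (for example in a file readable only by the job's user).
  key="xxxx"
  msg="xxx was hacking"
  mobile="12345678911"
  email=""
  # The alert endpoint is missing on the page (only "?" is left of the URL);
  # set it to the HTTPS address of the alert service.
  alertUrl=""
  # NOTE(review): msg, mobile, email and key are constant, so this signature
  # is identical for every alert and a captured URL can be replayed. If the
  # endpoint can be changed, sign a timestamp as well and use an HMAC.
  auth=$(md5 "$msg$mobile$email$key")
  emsg=$(urlencode "$msg")
  emobile=$(urlencode "$mobile")
  eemail=$(urlencode "$email")
  eauth=$(urlencode "$auth")
  content="c=${emsg}&m=${emobile}&e=${eemail}&a=${eauth}"
  if [ -n "$alertUrl" ]; then
    # --max-time keeps a hung endpoint from blocking the scheduled job.
    # The query string (including the signature) is visible in the process
    # list and in the endpoint's access log.
    curl --max-time 30 "${alertUrl}?${content}"
  else
    printf 'alert endpoint not configured, message not sent\n' >&2
  fi
else
  echo "not send message"
fi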
这段脚本会把有被注入现象的日志写入到一个文本文件,可疑的文件路径以及文件名称也会写入到一个文件,同时可以调用接口给技术人员发邮件和短信报警,技术同学便可以及时查询,或许一场很大的事故因此而避免了,恭喜!!
检查结果如下图
呈现给大家另一段程序,只是日志文件格式不同
#check hacker and warn