
分类: 网络与安全

2009-09-20 11:35:18

写程序难免出现漏洞;偶尔偷懒时用一些开源的东东,其中的漏洞更不好说。有些所谓的黑客发现网站漏洞肯定会欣喜若狂,于是乎把你的网站折腾得底朝天,传一些网页木马之类的东西,你的网站就不能清净了。为了避免这种情况,写了以下脚本,供大家享用!

原文地址:

为了尽量减少网站被注入的可能,注意以下三点:

1、尽可能不用开源的东西,开源的东西可以借鉴一下好的地方,但是不要全部搬过来

2、自己写程序时,尽量细心,不要给自己的网站留有被黑的可能,这个还是去研究一下SQL注入吧

3、经常检查web服务器日志和自己的程序文件,看看有没有被尝试注入和可疑文件。

前两者好说,现在把监控服务器的脚本共享给大家,有意见请联系我,一起探讨。

#check hacker and warn
#by alei
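#######################################
# Percent-encode every byte of a string: each byte becomes %xx (lowercase hex).
# Arguments: $1 - string to encode
# Outputs:   the encoded string on stdout (nothing for an empty string)
#######################################
function urlencode(){
        local hex
        # printf, not `echo -n`: echo would swallow an argument such as "-n" or "-e".
        # od -v never collapses repeated output lines into "*"; stripping blanks and
        # newlines keeps input of any length on a single output line.
        hex=$(printf '%s' "$1" | od -v -A n -t x1 | tr -d ' \n')
        [ -n "$hex" ] || return 0
        # Put a "%" in front of every two-digit hex byte.
        printf '%s\n' "$hex" | sed 's/../%&/g'
}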

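#######################################
# Print the lowercase hex MD5 digest of a string.
# Arguments: $1 - string to hash, byte for byte (no trailing newline is added)
# Outputs:   32 hex characters on stdout
# Note:      MD5 is not collision resistant; the digest is a checksum, not a
#            strong integrity or authentication primitive.
#######################################
function md5(){
        local sum
        # Quoted printf: the unquoted `echo -n $1` collapsed runs of whitespace and
        # glob-expanded the argument before hashing it.
        sum=$(printf '%s' "$1" | md5sum) || return
        # md5sum prints "<digest>  -"; keep only the digest.
        printf '%s\n' "${sum%% *}"
}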
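#######################################
# Print the local time N hours before now, formatted with a date(1) format.
# Arguments: $1 - date format without the leading "+" (e.g. %Y/%m/%d_%H)
#            $2 - whole number of hours to go back (0 = now)
# Outputs:   the formatted timestamp on stdout
# Returns:   non-zero if $2 is not an integer or date fails
# Requires GNU date (-d "@<epoch>").
#######################################
function getDateHourBefore(){
        local now past
        # Validate before the value reaches arithmetic expansion.
        if ! [[ $2 =~ ^-?[0-9]+$ ]]; then
                printf 'getDateHourBefore: hours must be an integer: %s\n' "$2" >&2
                return 1
        fi
        now=$(date +%s) || return
        # Shell arithmetic replaces the external bc call.
        past=$(( now - 3600 * $2 ))
        # date writes the result itself; no unquoted echo that would squeeze blanks.
        date -d "@$past" +"$1"
}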
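#######################################
# Scan web access logs for a pattern and append the matching lines to a report.
# Arguments: $1 - whitespace-separated list of log path prefixes; every file
#                 matching "<prefix>*" is scanned
#            $2 - basic regular expression, matched against lowercased lines
#            $3 - report file to append to
# Outputs:   "1" on stdout if any line matched, otherwise "0"
#######################################
function checkLogs(){
    local result="0" res file j
    local -a prefixes=()
    # Split the list on whitespace without glob-expanding its words.
    read -r -d '' -a prefixes <<< "$1"
    for file in "${prefixes[@]}"
    do
        for j in "$file"*
        do
            if [ -e "$j" ]
            then
                # Lines are folded to lower case so the key matches any capitalisation.
                # grep -e keeps the key out of a sed program (a "/" in the key is safe);
                # -a makes grep treat stray binary bytes in the log as text.
                res=$(tr 'A-Z' 'a-z' < "$j" | grep -a -e "$2")
                if [ "$res" ]
                then
                    result="1"
                    # Log lines are written by remote clients: print them with %s so
                    # backslash sequences in a request cannot alter the report.
                    printf 'start in %s\n%s\nend\n\n' "$j" "$res" >> "$3"
                fi
            else
                printf '%s not exists\n\n' "$j" >> "$3"
            fi
        done
    done
    echo "$result"
}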
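#######################################
# Search the *.php files under each site directory for signature strings and
# append every hit (file name plus matching line) to a report.
# Arguments: $1 - whitespace-separated list of directories to search
#            $2 - whitespace-separated list of keys (grep patterns, case-insensitive)
#            $3 - report file to append to
# Outputs:   "1" on stdout if any key was found, otherwise "0"
# NOTE(review): only files named *.php are inspected and only for the given
# keys, so a clean result is not proof that no file was planted; comparing the
# tree against a known-good file list is the stronger check.
#######################################
function checkVitrualFies(){
    local result="0" res path key
    local -a paths=() keys=()
    # Split both lists on whitespace without glob-expanding their words.
    read -r -d '' -a paths <<< "$1"
    read -r -d '' -a keys <<< "$2"
    for path in "${paths[@]}"
    do
        if [ -e "$path" ]
        then
            for key in "${keys[@]}"
            do
                # "+" hands many files to one grep instead of forking grep per file;
                # -H still prefixes every hit with its file name.
                res=$(find "$path" -name "*.php" -exec grep -iH -e "$key" -- {} +)
                if [ "$res" ]
                then
                    result="1"
                    # Matched lines come from possibly planted files: print them
                    # with %s so backslash sequences are not interpreted.
                    printf 'start in %s\n%s\nend\n\n' "$path" "$res" >> "$3"
                fi
            done
        else
            printf '%s not exists\n\n' "$path" >> "$3"
        fi
    done
    echo "$result"
}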
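# One date call, so every field describes the same instant; separate calls
# could straddle an hour boundary and point at the wrong log file.
read -r year month date hour minsec <<< "$(date '+%Y %m %d %H %M:%S')"
#hacker tag: becomes "1" as soon as either check finds something
checkResult="0"
logFile="/opt/www/logs/checkHacker/newcheck.log"
printf '%s\n' "=================================start at $year-$month-$date $hour:$minsec=================================" >> "$logFile"
printf '%s\n' "starting check log..." >> "$logFile"
#key: regular expression looked for in the lowercased access-log lines
# NOTE(review): this only sees what the access log records; if the log holds
# just the request line, payloads sent in a POST body or a cookie go unnoticed.
searchkey="union.*select"
#log file prefixes: the current hour and the previous hour
logs[0]="/var/lib/www/logs/$year/$month/${date}_$hour"
logs[1]="/var/lib/www/logs/$(getDateHourBefore %Y/%m/%d_%H 1)"
#check logs
checkResult=$(checkLogs "${logs[*]}" "$searchkey" "$logFile")
#check vitrual file
printf '%s\n' "starting check vitrual files ..." >> "$logFile"
#check files
# NOTE(review): "/var/lib/www/" appears three times (indexes 1, 5 and 7), so
# the whole tree is searched repeatedly; presumably site names were removed
# before publishing - confirm and restore or drop the duplicates.
vitrualPaths[0]="/var/lib/www/dd.kaiyuanba.cn"
vitrualPaths[1]="/var/lib/www/"
vitrualPaths[2]="/var/lib/www/in.erkaiyuanba.cn"
vitrualPaths[3]="/var/lib/www/gt.kaiyuanba.cn"
vitrualPaths[4]="/var/lib/www/in.sg.kaiyuanba.cn"
vitrualPaths[5]="/var/lib/www/"
vitrualPaths[6]="/var/lib/www/in.rr.kaiyuanba.cn"
vitrualPaths[7]="/var/lib/www/"
vitrualKeys[0]="Sniper"
vitrualKeys[1]="4ngel"
# Always capture the file-check result so its "0"/"1" does not leak to stdout,
# and never let it reset a flag the log check has already raised.
fileResult=$(checkVitrualFies "${vitrualPaths[*]}" "${vitrualKeys[*]}" "$logFile")
if [ "$fileResult" = "1" ]
then
    checkResult="1"
fi

#check tag and send mail or message
if [ "$checkResult" = "1" ]
then
        # NOTE(review): "xxxx" is a placeholder; keep the real shared key out of
        # the script (a file readable only by the job's user, or the environment).
        key="xxxx"
        msg="xxx was hacking"
        mobile="12345678911"
        email=""
        # The request is signed with MD5 over the fields followed by the key.
        # NOTE(review): that is not a keyed MAC; if the receiving API can
        # change, prefer an HMAC with a modern hash.
        auth=$(md5 "$msg$mobile$email$key")

        emsg=$(urlencode "$msg")
        emobile=$(urlencode "$mobile")
        eemail=$(urlencode "$email")
        eauth=$(urlencode "$auth")

        content="c=${emsg}&m=${emobile}&e=${eemail}&a=${eauth}"
        # The alert endpoint is missing from the published script (the original
        # line is `curl "?"$content`); set it here before use.
        # NOTE(review): everything travels in the query string, which web
        # servers and proxies commonly log - use an HTTPS endpoint.
        alertUrl=""
        curl "${alertUrl}?${content}"
else
    echo "not send message"
fi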

这段脚本会把有被注入现象的日志输出到一个文本文件,可疑文件的路径以及文件名称也会输出到同一个文件,同时可以调用接口给技术人员发邮件和短信报警,技术同学便可以及时查询,或许一场很大的事故因此而避免了,恭喜!!

检查结果如下图

再呈现给大家另一段程序,只是日志文件格式不同

#check hacker and warn
#by alei
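#######################################
# Percent-encode every byte of a string: each byte becomes %xx (lowercase hex).
# Arguments: $1 - string to encode
# Outputs:   the encoded string on stdout (nothing for an empty string)
#######################################
function urlencode(){
        local hex
        # printf, not `echo -n`: echo would swallow an argument such as "-n" or "-e".
        # od -v never collapses repeated output lines into "*"; stripping blanks and
        # newlines keeps input of any length on a single output line.
        hex=$(printf '%s' "$1" | od -v -A n -t x1 | tr -d ' \n')
        [ -n "$hex" ] || return 0
        # Put a "%" in front of every two-digit hex byte.
        printf '%s\n' "$hex" | sed 's/../%&/g'
}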

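#######################################
# Print the lowercase hex MD5 digest of a string.
# Arguments: $1 - string to hash, byte for byte (no trailing newline is added)
# Outputs:   32 hex characters on stdout
# Note:      MD5 is not collision resistant; the digest is a checksum, not a
#            strong integrity or authentication primitive.
#######################################
function md5(){
        local sum
        # Quoted printf: the unquoted `echo -n $1` collapsed runs of whitespace and
        # glob-expanded the argument before hashing it.
        sum=$(printf '%s' "$1" | md5sum) || return
        # md5sum prints "<digest>  -"; keep only the digest.
        printf '%s\n' "${sum%% *}"
}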
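#######################################
# Print the local time N hours before now, formatted with a date(1) format.
# Arguments: $1 - date format without the leading "+" (e.g. %Y%m%d_%H)
#            $2 - whole number of hours to go back (0 = now)
# Outputs:   the formatted timestamp on stdout
# Returns:   non-zero if $2 is not an integer or date fails
# Requires GNU date (-d "@<epoch>").
#######################################
function getDateHourBefore(){
        local now past
        # Validate before the value reaches arithmetic expansion.
        if ! [[ $2 =~ ^-?[0-9]+$ ]]; then
                printf 'getDateHourBefore: hours must be an integer: %s\n' "$2" >&2
                return 1
        fi
        now=$(date +%s) || return
        # Shell arithmetic replaces the external bc call.
        past=$(( now - 3600 * $2 ))
        # date writes the result itself; no unquoted echo that would squeeze blanks.
        date -d "@$past" +"$1"
}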
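#######################################
# Scan web access logs for a pattern and append the matching lines to a report.
# Arguments: $1 - whitespace-separated list of log path prefixes; every file
#                 matching "<prefix>*" is scanned
#            $2 - basic regular expression, matched against lowercased lines
#            $3 - report file to append to
# Outputs:   "1" on stdout if any line matched, otherwise "0"
#######################################
function checkLogs(){
        local result="0" res file j
        local -a prefixes=()
        # Split the list on whitespace without glob-expanding its words.
        read -r -d '' -a prefixes <<< "$1"
        for file in "${prefixes[@]}"
        do
                for j in "$file"*
                do
                        if [ -e "$j" ]
                        then
                                # Lines are folded to lower case so the key matches any
                                # capitalisation. grep -e keeps the key out of a sed
                                # program; -a treats stray binary bytes as text.
                                res=$(tr 'A-Z' 'a-z' < "$j" | grep -a -e "$2")
                                if [ "$res" ]
                                then
                                        result="1"
                                        # Log lines are written by remote clients: print
                                        # them with %s so backslash sequences in a
                                        # request cannot alter the report.
                                        printf 'start in %s\n%s\nend\n\n' "$j" "$res" >> "$3"
                                fi
                        else
                                printf '%s not exists\n\n' "$j" >> "$3"
                        fi
                done
        done
        echo "$result"
}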

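#######################################
# Search the *.php files under each site directory for signature strings and
# append every hit (file name plus matching line) to a report.
# Arguments: $1 - whitespace-separated list of directories to search
#            $2 - whitespace-separated list of keys (grep patterns, case-insensitive)
#            $3 - report file to append to
# Outputs:   "1" on stdout if any key was found, otherwise "0"
# NOTE(review): only files named *.php are inspected and only for the given
# keys, so a clean result is not proof that no file was planted; comparing the
# tree against a known-good file list is the stronger check.
#######################################
function checkVitrualFies(){
        local result="0" res path key
        local -a paths=() keys=()
        # Split both lists on whitespace without glob-expanding their words.
        read -r -d '' -a paths <<< "$1"
        read -r -d '' -a keys <<< "$2"
        for path in "${paths[@]}"
        do
                if [ -e "$path" ]
                then
                        for key in "${keys[@]}"
                        do
                                # "+" hands many files to one grep instead of forking
                                # grep per file; -H still prefixes each hit with its
                                # file name.
                                res=$(find "$path" -name "*.php" -exec grep -iH -e "$key" -- {} +)
                                if [ "$res" ]
                                then
                                        result="1"
                                        # Matched lines come from possibly planted files:
                                        # print them with %s so backslash sequences are
                                        # not interpreted.
                                        printf 'start in %s\n%s\nend\n\n' "$path" "$res" >> "$3"
                                fi
                        done
                else
                        printf '%s not exists\n\n' "$path" >> "$3"
                fi
        done
        echo "$result"
}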
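# One date call, so every field describes the same instant; separate calls
# could straddle an hour boundary and point at the wrong log file.
read -r year month date hour minsec <<< "$(date '+%Y %m %d %H %M:%S')"
#hacker tag: becomes "1" as soon as either check finds something
checkResult="0"
logFile="/opt/www/logs/checkHacker/newcheck.log"
#logFile="newcheck.log";
printf '%s\n' "=================================start at $year-$month-$date $hour:$minsec=================================" >> "$logFile"
printf '%s\n' "starting check log..." >> "$logFile"
#key: regular expression looked for in the lowercased access-log lines
# NOTE(review): this only sees what the access log records; if the log holds
# just the request line, payloads sent in a POST body or a cookie go unnoticed.
searchkey="union.*select"

#log file prefixes: the current hour and the previous hour
logs[0]="/data/logs/access/${year}${month}${date}_$hour"
logs[1]="/data/logs/access/$(getDateHourBefore %Y%m%d_%H 1)"
#check logs
checkResult=$(checkLogs "${logs[*]}" "$searchkey" "$logFile")
#check vitrual file
printf '%s\n' "starting check vitrual files ..." >> "$logFile"
#check files
vitrualPaths[0]="/data/KKWWW/www"
vitrualPaths[1]="/data/KKWWW/in.kaiyuanba.cn"
vitrualPaths[2]="/data/xdrj"
vitrualPaths[3]="/data/tlf"
vitrualPaths[4]="/data/KKWWW/pub"
vitrualKeys[0]="Sniper"
vitrualKeys[1]="4ngel"
# Always capture the file-check result so its "0"/"1" does not leak to stdout,
# and never let it reset a flag the log check has already raised.
fileResult=$(checkVitrualFies "${vitrualPaths[*]}" "${vitrualKeys[*]}" "$logFile")
if [ "$fileResult" = "1" ]
then
        checkResult="1"
fi

#check tag and send mail or message
if [ "$checkResult" = "1" ]
then
        # NOTE(review): "xxxx" is a placeholder; keep the real shared key out of
        # the script (a file readable only by the job's user, or the environment).
        key="xxxx"
        msg="xxx was hacking"
        mobile="12345678911"
        email=""
        # The request is signed with MD5 over the fields followed by the key.
        # NOTE(review): that is not a keyed MAC; if the receiving API can
        # change, prefer an HMAC with a modern hash.
        auth=$(md5 "$msg$mobile$email$key")

        emsg=$(urlencode "$msg")
        emobile=$(urlencode "$mobile")
        eemail=$(urlencode "$email")
        eauth=$(urlencode "$auth")

        content="c=${emsg}&m=${emobile}&e=${eemail}&a=${eauth}"
        # The alert endpoint is missing from the published script (the original
        # line is `curl "?"$content`); set it here before use.
        # NOTE(review): everything travels in the query string, which web
        # servers and proxies commonly log - use an HTTPS endpoint.
        alertUrl=""
        curl "${alertUrl}?${content}"
else
        echo "not send message"
fi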