Secure Your Botnet Panel Using Nginx Config

Hi All
The example will be on CentOS.
 
Our security will be based on two simple things in nginx configuration:
user-agent.
php extension.
 
The idea is simple:
 
Change the gate's file extension from ".php" to something else. In this tutorial, ".gte" is used as the example.
 
Configure nginx to process the files ".gte" as ".php".
 
Lock all access (GET) to the panel's php files (and other extensions if we want) behind a long user-agent (if the user-agent does not match, return 404).
 
 
Configure Nginx :
 
nginx.conf (/etc/nginx/nginx.conf) :
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    #gzip on;

    include /etc/nginx/conf.d/*.conf;
    server_tokens off;
}
Note: "server_tokens off" is a must to hide the nginx version.
 
php-fpm users, sockets config (/etc/php-fpm/conf.d/www.conf)
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /var/run/php5-fpm.sock
Quote

The advantage of running PHP-FPM on socket connections instead of TCP/IP is that socket connections are much faster than TCP/IP connections (around 10-15%) because it saves passing the data over the different layers of the TCP/IP stack.

domain-name.conf (/etc/nginx/conf.d/domain-name.conf):
server {
    listen 80;
    server_name damain-name;
    root /var/www;
    client_max_body_size 20M;
    access_log /var/log/nginx/http.access.log;
    error_log /var/log/nginx/http.error.log;
    index index.php;
    security.limit_extensions = .php .gte

    location ~ \.(php|gte)$ {
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass /var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
        fastcgi_read_timeout 120;
    }
    location ~ \.php$ {
        if ($http_user_agent !~ long-**LOVE**ing-random-string-without-speacial-characters) { return 404; }
    }
}
Of course, you can add as many other extensions to the user-agent restriction rule as you want.
 
Done !
 
This config can help to hide panel files and avoid SQLi.
 
Last thing : Use FASTFLUX !! 
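
For responders reviewing the nginx configuration of a suspect or compromised host, the two traits this post relies on (a non-.php extension handed to PHP-FPM, and a 404 returned unless the user-agent matches a fixed string) can be flagged automatically. The following is an added example, not part of the original post; the sample config, the function names and the PHP_EXTS list are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the server block shown in the post.
SAMPLE_CONF = r"""
server {
    location ~ \.(php|gte)$ {
        try_files $uri =404;
        fastcgi_pass /var/run/php5-fpm.sock;
    }
    location ~ \.php$ {
        if ($http_user_agent !~ constructed-secret-token) { return 404; }
    }
    location ~* \.(png|css)$ { expires 7d; }
}
"""

PHP_EXTS = {"php", "php5", "php7", "phtml"}  # assumption: extensions treated as normal
LOCATION = re.compile(r"location\s+~\*?\s+(\S+)\s*\{")
EXT_GROUP = re.compile(r"\\\.\(?([A-Za-z0-9|]+)\)?\$")
UA_GATE = re.compile(
    r"if\s*\(\s*\$http_user_agent\s+!~\*?\s+(\S+?)\s*\)\s*\{\s*return\s+(\d{3})")

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += (text[i] == "{") - (text[i] == "}")
        if depth == 0:
            return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unbalanced config: take the rest

def audit(conf):
    """Return (finding, location pattern, details) tuples for regex locations."""
    findings = []
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop full-line comments
    for m in LOCATION.finditer(conf):
        pattern, body = m.group(1), block_body(conf, m.end() - 1)
        ext = EXT_GROUP.search(pattern)
        odd = [e for e in (ext.group(1).split("|") if ext else [])
               if e.lower() not in PHP_EXTS]
        if "fastcgi_pass" in body and odd:
            findings.append(("non-php-extension-to-fastcgi", pattern, odd))
        gate = UA_GATE.search(body)
        if gate:
            findings.append(("user-agent-gated-" + gate.group(2), pattern, [gate.group(1)]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

A hit is a lead for manual review rather than proof: legitimate sites also map custom extensions to PHP or filter on user-agent.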
