Secure Your Botnet Panel Using Nginx Config
Hi All
The example will be on CentOS.
Our security will be based on two simple things in the nginx configuration:
user-agent.
php extension.
The idea is simple:
Change the file extension of the gate from ".php" to something else. In this tutorial, ".gte" is used as the example.
Configure nginx to process ".gte" files as ".php".
Lock all access (GET) to the php files (and other extensions if we want) of our panel behind a long user-agent string (if the user-agent does not match, return 404).
Nginx installation : http://howtounix.info/howto/nginx-php-5-3-10-and-php-fpm-on-centos-5-7-6-2
Configure Nginx :
nginx.conf (/etc/nginx/nginx.conf) :
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
    server_tokens off;
}
Note: "server_tokens off" is a must to hide the nginx version.
php-fpm users, sockets config (/etc/php-fpm/conf.d/www.conf)
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /var/run/php5-fpm.sock
Quote
The advantage of running PHP-FPM on socket connections instead of TCP/IP is that socket connections are much faster than TCP/IP connections (around 10-15%) because it saves passing the data over the different layers of the TCP/IP stack.
domain-name.conf (/etc/nginx/conf.d/domain-name.conf):
server {
    listen 80;
    server_name damain-name;
    root /var/www;
    client_max_body_size 20M;
    access_log /var/log/nginx/http.access.log;
    error_log /var/log/nginx/http.error.log;
    index index.php;
    security.limit_extensions = .php .gte
    location ~ \.(php|gte)$ {
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass /var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
        fastcgi_read_timeout 120;
    }
    location ~ \.php$ {
        if ($http_user_agent !~ long-**LOVE**ing-random-string-without-speacial-characters)
        { return 404;}
    }
}
Of course, you can add as many other extensions as you want to the user-agent restriction rule.
Done!
This config can help to hide panel files and avoid sqli.
Just use this Chrome extension: https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg
Last thing : Use FASTFLUX !!
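Seen from the monitoring side, the renamed gate described above leaves a recognizable trace in egress proxy logs: a client repeatedly POSTing to a script path with an uncommon extension. The following is an added example, not part of the original post, that flags that pattern; the log format, sample lines, extension list and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy-log lines: client, method, URL, status (format is an assumption).
SAMPLE_LOG = """\
10.0.0.5 POST http://203.0.113.7/panel/in.gte 200
10.0.0.5 POST http://203.0.113.7/panel/in.gte 200
10.0.0.5 POST http://203.0.113.7/panel/in.gte 200
10.0.0.9 GET http://example.org/index.php 200
10.0.0.9 POST http://example.org/login.php 302
10.0.0.5 GET http://203.0.113.7/panel/index.php 404
10.0.0.7 POST http://example.net/api/upload 201
"""

# Extensions normally seen on POST endpoints; anything else counts as uncommon (assumed list).
COMMON_EXT = {"", "php", "asp", "aspx", "jsp", "do", "cgi", "json", "html"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")

def extension(url):
    """Return the lowercase extension of the URL path's last segment, or ''."""
    last = urlsplit(url).path.rsplit("/", 1)[-1]
    return last.rsplit(".", 1)[1].lower() if "." in last else ""

def find_gate_candidates(log_text, min_posts=3):
    """Flag (client, host, path) with >= min_posts successful POSTs to an
    uncommon extension: the check-in pattern of a renamed gate script."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines
        client, method, url, status = m.groups()
        if method != "POST" or not status.startswith("2"):
            continue
        if extension(url) in COMMON_EXT:
            continue
        parts = urlsplit(url)
        counts[(client, parts.hostname, parts.path)] += 1
    return sorted(k for k, n in counts.items() if n >= min_posts)

if __name__ == "__main__":
    for hit in find_gate_candidates(SAMPLE_LOG):
        print("review:", hit)
```

A hit is a lead for review rather than a verdict; tune the extension list and threshold against your own baseline traffic.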