Fatal编程技术网
  • apache/
  • Apache已被破坏或被用作攻击和其他系统的代理

Apache已被破坏或被用作攻击和其他系统的代理

apache proxy

Apache已被破坏或被用作攻击和其他系统的代理,apache,proxy,reverse-proxy,http-proxy,Apache,Proxy,Reverse Proxy,Http Proxy,我收到一封来自索尼互动娱乐有限责任公司(“SIE”)的邮件,说我的服务器滥用了他们的服务 我检查并确保: 除了我,没有人可以远程访问我的服务器。SSH和所有其他服务只接受我的IP,所有其他服务都被防火墙阻止 Apache(httpd)不会被黑客攻击,我的服务器上没有PHP和任何活动脚本 所有日志(系统、安全、消息等)均为空或没有任何奇怪的内容 除了我找到的apache访问日志: 77.38.177.177 - - [30/Jun/2017:19:21:48 +0000] "CONNECT aut

我收到一封来自索尼互动娱乐有限责任公司(“SIE”)的邮件,说我的服务器滥用了他们的服务

我检查并确保:

  • 除了我,没有人可以远程访问我的服务器。SSH和所有其他服务只接受我的IP,所有其他服务都被防火墙阻止
  • Apache(httpd)不会被黑客攻击,我的服务器上没有PHP和任何活动脚本
  • 所有日志(系统、安全、消息等)均为空或没有任何奇怪的内容
    • 除了我找到的apache访问日志:

    77.38.177.177 - - [30/Jun/2017:19:21:48 +0000] "CONNECT auth.api.sonyentertainmentnetwork.com:443 HTTP/1.1" 400 226 "-" "-"
138.201.29.228 - - [30/Jun/2017:19:21:48 +0000] "CONNECT www.stoiximan.gr:443 HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1409.70 Safari/537.36"
94.122.39.35 - - [30/Jun/2017:19:21:49 +0000] "A" 400 226 "-" "-"
77.108.80.2 - - [30/Jun/2017:19:20:48 +0000] "CONNECT artiwell.com:443 HTTP/1.1" 200 - "-" "-"
138.201.19.161 - - [30/Jun/2017:19:21:48 +0000] "CONNECT www.bet-at-home.com:443 HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/17.0.1232.63 Safari/537.36"
77.108.80.2 - - [30/Jun/2017:19:21:48 +0000] "GET http://sea-tools.com.ua/oborudovanie/betonomeshalki/filter/287-k-werk HTTP/1.1" 200 25537 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36"
94.158.152.58 - - [30/Jun/2017:19:21:49 +0000] "A" 400 226 "-" "-"
138.201.19.161 - - [30/Jun/2017:19:21:48 +0000] "GET http://sports.titanbet.com/en/e/5260805/Ansan-Police-v-Ansan-Greeners?mkt_grp_code=TMWIN HTTP/1.1" 200 25023 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.604.118 Safari/537.36"
117.1.114.50 - - [30/Jun/2017:19:21:49 +0000] "GET http://static.doubleclick.net/instream/ad_status.js HTTP/1.1" 200 29 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
94.158.152.58 - - [30/Jun/2017:19:21:49 +0000] "CONNECT static.doubleclick.net:443 HTTP/1.0" 200 - "-" "-"
185.71.186.147 - - [30/Jun/2017:19:21:49 +0000] "CONNECT static.sportsinteraction.net:443 HTTP/1.1" 200 - "-" "-"
    我必须将防火墙设置为拒绝向外部服务器发送的每个HTTP请求,以终止该攻击

    到目前为止,我还有一些无法回答的问题:

  • 为什么有人可以使用我的apache连接到外部服务器
  • 他们怎么能这样做?如何在不使用防火墙阻止一切的情况下阻止此问题
    • 下面是我的apache虚拟主机配置:

    NameVirtualHost *:80

<Directory "/data/websource">
    DirectoryIndex index.html index.php
    AllowOverride All
    # Allow open access:
    Require all granted
</Directory>
<VirtualHost *:80>
    ServerName subdomain1.my.domain
    DocumentRoot "web_root/subdomain1/source/www"
    ServerAdmin postmaster@dummy-host2.localhost
    ErrorLog "logs/subdomain1-error.log"
    CustomLog "logs/subdomain1-access.log" combined

    #turn on proxy

    ProxyPreserveHost On
    ProxyRequests On

    ProxyPass /classroom1 http://xyz.my.other.ip/classroom1
    ProxyPassReverse /classroom1 http://xyz.my.other.ip/classroom1

    ProxyPass /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
    ProxyPassReverse /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/

    ProxyPass /client/ http://xyz.my.other.ip/client/
    ProxyPassReverse /client/ http://xyz.my.other.ip/client/

    ProxyPass /bbb http://xyz.my.other.ip/
    ProxyPassReverse /bbb http://xyz.my.other.ip/

    ProxyPass /demo/ http://xyz.my.other.ip/demo/
    ProxyPassReverse /demo/ http://xyz.my.other.ip/demo/

    ProxyPass /streams.xml http://xyz.my.other.ip/streams.xml
    ProxyPassReverse /streams.html http://xyz.my.other.ip/streams.html

    ProxyPass /testjava.html http://xyz.my.other.ip/testjava.html
    ProxyPassReverse /testjava.html http://xyz.my.other.ip/testjava.html

    ProxyPass /myngleapi/ http://xyz.my.other.ip/myngleapi/
    ProxyPassReverse /myngleapi/ http://xyz.my.other.ip/myngleapi/

    ProxyPass /myngleapi http://xyz.my.other.ip/myngleapi
    ProxyPassReverse /myngleapi http://xyz.my.other.ip/myngleapi

    ProxyPass /help.html http://xyz.my.other.ip/help.html
    ProxyPassReverse /help.html http://xyz.my.other.ip/help.html

    ProxyPass /call.php http://www.source/mynglevline/call.php
    ProxyPassReverse /call.php http://www.source/mynglevline/call.php

</VirtualHost>
<VirtualHost *:80>
    ServerName subdomain2.my.domain
    DocumentRoot "web_root/subdomain1/source/admin"
    ServerAdmin postmaster@dummy-host2.localhost
    ErrorLog "logs/subdomain1-admin-error.log"
    CustomLog "logs/subdomain1-admin-access.log" combined

</VirtualHost>
<VirtualHost *:80>
    ServerName subdomain3.my.domain
    DocumentRoot "web_root/subdomain3/source/www"
    ServerAdmin postmaster@dummy-host2.localhost
    ErrorLog "logs/subdomain3-error.log"
    CustomLog "logs/subdomain3-access.log" combined

    #turn on proxy

    ProxyPreserveHost On
    ProxyRequests On

    ProxyPass /classroom1 http://xyz.my.other.ip/classroom1
    ProxyPassReverse /classroom1 http://xyz.my.other.ip/classroom1

    ProxyPass /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
    ProxyPassReverse /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/

    ProxyPass /client/ http://xyz.my.other.ip/client/
    ProxyPassReverse /client/ http://xyz.my.other.ip/client/

    ProxyPass /bbb http://xyz.my.other.ip/
    ProxyPassReverse /bbb http://xyz.my.other.ip/

    ProxyPass /demo/ http://xyz.my.other.ip/demo/
    ProxyPassReverse /demo/ http://xyz.my.other.ip/demo/

    ProxyPass /streams.xml http://xyz.my.other.ip/streams.xml
    ProxyPassReverse /streams.html http://xyz.my.other.ip/streams.html

    ProxyPass /testjava.html http://xyz.my.other.ip/testjava.html
    ProxyPassReverse /testjava.html http://xyz.my.other.ip/testjava.html

    ProxyPass /myngleapi/ http://xyz.my.other.ip/myngleapi/
    ProxyPassReverse /myngleapi/ http://xyz.my.other.ip/myngleapi/

    ProxyPass /myngleapi http://xyz.my.other.ip/myngleapi
    ProxyPassReverse /myngleapi http://xyz.my.other.ip/myngleapi

    ProxyPass /help.html http://xyz.my.other.ip/help.html
    ProxyPassReverse /help.html http://xyz.my.other.ip/help.html

    ProxyPass /call.php http://www.source/mynglevline/call.php
    ProxyPassReverse /call.php http://www.source/mynglevline/call.php

</VirtualHost>
<VirtualHost *:80>
    ServerName subdomain4.my.domain
    DocumentRoot "web_root/subdomain3/source/admin"
    ServerAdmin postmaster@dummy-host2.localhost
    ErrorLog "logs/subdomain3-admin-error.log"
    CustomLog "logs/subdomain3-admin-access.log" combined

</VirtualHost>
<VirtualHost *:80>
    ServerName subdomain5.my.domain
    DocumentRoot "web_root/subdomain5/source/www"
    ServerAdmin postmaster@dummy-host2.localhost
    ErrorLog "logs/release-error.log"
    CustomLog "logs/release-access.log" combined

    #turn on proxy

    ProxyPreserveHost On
    ProxyRequests On

    ProxyPass /classroom1 http://xyz.my.other.ip/classroom1
    ProxyPassReverse /classroom1 http://xyz.my.other.ip/classroom1

    ProxyPass /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
    ProxyPassReverse /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/

    ProxyPass /client/ http://xyz.my.other.ip/client/
    ProxyPassReverse /client/ http://xyz.my.other.ip/client/

    ProxyPass /bbb http://xyz.my.other.ip/
    ProxyPassReverse /bbb http://xyz.my.other.ip/

    ProxyPass /demo/ http://xyz.my.other.ip/demo/
    ProxyPassReverse /demo/ http://xyz.my.other.ip/demo/

    ProxyPass /streams.xml http://xyz.my.other.ip/streams.xml
    ProxyPassReverse /streams.html http://xyz.my.other.ip/streams.html

    ProxyPass /testjava.html http://xyz.my.other.ip/testjava.html
    ProxyPassReverse /testjava.html http://xyz.my.other.ip/testjava.html

    ProxyPass /myngleapi/ http://xyz.my.other.ip/myngleapi/
    ProxyPassReverse /myngleapi/ http://xyz.my.other.ip/myngleapi/

    ProxyPass /myngleapi http://xyz.my.other.ip/myngleapi
    ProxyPassReverse /myngleapi http://xyz.my.other.ip/myngleapi

    ProxyPass /help.html http://xyz.my.other.ip/help.html
    ProxyPassReverse /help.html http://xyz.my.other.ip/help.html

    ProxyPass /call.php http://www.source/mynglevline/call.php
    ProxyPassReverse /call.php http://www.source/mynglevline/call.php

</VirtualHost>
<VirtualHost *:80>
    ServerName subdomain6.my.domain
    DocumentRoot "web_root/subdomain5/source/admin"
    ServerAdmin postmaster@dummy-host2.localhost
    ErrorLog "logs/subdomain5-admin-error.log"
    CustomLog "logs/subdomain5-admin-access.log" combined

</VirtualHost>

    NameVirtualHost*:80
DirectoryIndex.html index.php
允许超越所有
#允许开放访问:
要求所有授权
ServerName子域1.my.domain
DocumentRoot“web_root/subdomain1/source/www”
服务器管理员postmaster@dummy-host2.localhost
ErrorLog“logs/subdomain1 error.log”
CustomLog“logs/subdomain1 access.log”组合
#启用代理
代理主机
代理请求
代理通行证/教室1http://xyz.my.other.ip/classroom1
ProxyPassReverse/教室1http://xyz.my.other.ip/classroom1
ProxyPass/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
代理通行证/客户机/http://xyz.my.other.ip/client/
ProxyPassReverse/客户端/http://xyz.my.other.ip/client/
ProxyPass/bbbhttp://xyz.my.other.ip/
ProxyPassReverse/bbbhttp://xyz.my.other.ip/
ProxyPass/演示/http://xyz.my.other.ip/demo/
ProxyPassReverse/演示/http://xyz.my.other.ip/demo/
ProxyPass/streams.xmlhttp://xyz.my.other.ip/streams.xml
ProxyPassReverse/streams.htmlhttp://xyz.my.other.ip/streams.html
ProxyPass/testjava.htmlhttp://xyz.my.other.ip/testjava.html
ProxyPassReverse/testjava.htmlhttp://xyz.my.other.ip/testjava.html
ProxyPass/myngleapi/http://xyz.my.other.ip/myngleapi/
ProxyPassReverse/myngleapi/http://xyz.my.other.ip/myngleapi/
ProxyPass/myngleapihttp://xyz.my.other.ip/myngleapi
ProxyPassReverse/myngleapihttp://xyz.my.other.ip/myngleapi
ProxyPass/help.htmlhttp://xyz.my.other.ip/help.html
ProxyPassReverse/help.htmlhttp://xyz.my.other.ip/help.html
ProxyPass/call.phphttp://www.source/mynglevline/call.php
ProxyPassReverse/call.phphttp://www.source/mynglevline/call.php
ServerName子域2.my.domain
DocumentRoot“web\u根/子域1/source/admin”
服务器管理员postmaster@dummy-host2.localhost
ErrorLog“logs/subdomain1管理错误.log”
CustomLog“logs/subdomain1 admin access.log”组合
ServerName子域3.my.domain
DocumentRoot“web_root/subdomain3/source/www”
服务器管理员postmaster@dummy-host2.localhost
ErrorLog“logs/subdomain3 error.log”
CustomLog“logs/subdomain3 access.log”组合
#启用代理
代理主机
代理请求
代理通行证/教室1http://xyz.my.other.ip/classroom1
ProxyPassReverse/教室1http://xyz.my.other.ip/classroom1
ProxyPass/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
代理通行证/客户机/http://xyz.my.other.ip/client/
ProxyPassReverse/客户端/http://xyz.my.other.ip/client/
ProxyPass/bbbhttp://xyz.my.other.ip/
ProxyPassReverse/bbbhttp://xyz.my.other.ip/
ProxyPass/演示/http://xyz.my.other.ip/demo/
ProxyPassReverse/演示/http://xyz.my.other.ip/demo/
ProxyPass/streams.xmlhttp://xyz.my.other.ip/streams.xml
ProxyPassReverse/streams.htmlhttp://xyz.my.other.ip/streams.html
ProxyPass/testjava.htmlhttp://xyz.my.other.ip/testjava.html
ProxyPassReverse/testjava.htmlhttp://xyz.my.other.ip/testjava.html
ProxyPass/myngleapi/http://xyz.my.other.ip/myngleapi/
ProxyPassReverse/myngleapi/http://xyz.my.other.ip/myngleapi/
ProxyPass/myngleapihttp://xyz.my.other.ip/myngleapi
ProxyPassReverse/myngleapihttp://xyz.my.other.ip/myngleapi
ProxyPass/help.htmlhttp://xyz.my.other.ip/help.html
ProxyPassReverse/help.htmlhttp://xyz.my.other.ip/help.html
ProxyPass/call.phphttp://www.source/mynglevline/call.php
ProxyPassReverse/call.phphttp://www.source/mynglevline/call.php
ServerName子域4.my.domain
DocumentRoot“web_root/subdomain3/source/admin”
服务器管理员postmaster@dummy-host2.localhost
ErrorLog“日志/子域3管理错误.log”
CustomLog“logs/subdomain3 admin access.log”组合
ServerName子域5.my.domain
DocumentRoot“web_root/subdomain5/source/www”
服务器管理员postmaster@dummy-host2.localhost
ErrorLog“日志/发布错误.log”
CustomLog“logs/release access.log”组合
#启用代理
代理主机
代理请求
代理通行证/教室1http://xyz.my.other.ip/classroom1
ProxyPassReverse/教室1http://xyz.my.other.ip/classroom1
ProxyPass/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
代理通行证/客户机/http://xyz.my.other.ip/client/
ProxyPassReverse/客户端/http://xyz.my.other.ip/client/
ProxyPass/bbbhttp://xyz.my.other.ip/
ProxyPassReverse/bbbhttp://xyz.my.other.ip/
ProxyPass/演示/http://xyz.my.other.ip/demo/
ProxyPassReverse/演示/http://xyz.my.other.ip/demo/
ProxyPass/streams.xmlhttp://xyz.my.other.ip/streams.xml
ProxyPassReverse/streams.htmlhttp://xyz.my.other.ip/streams.html
ProxyPass/testjava.htmlhttp://xyz.my.other.ip/testjava.html
ProxyPassReverse