Apache已被破坏或被用作攻击和其他系统的代理
我收到一封来自索尼互动娱乐有限责任公司(“SIE”)的邮件,说我的服务器滥用了他们的服务 我检查并确保:Apache已被破坏或被用作攻击和其他系统的代理,apache,proxy,reverse-proxy,http-proxy,Apache,Proxy,Reverse Proxy,Http Proxy,我收到一封来自索尼互动娱乐有限责任公司(“SIE”)的邮件,说我的服务器滥用了他们的服务 我检查并确保: 除了我,没有人可以远程访问我的服务器。SSH和所有其他服务只接受我的IP,所有其他服务都被防火墙阻止 Apache(httpd)不会被黑客攻击,我的服务器上没有PHP和任何活动脚本 所有日志(系统、安全、消息等)均为空或没有任何奇怪的内容 除了我找到的apache访问日志: 77.38.177.177 - - [30/Jun/2017:19:21:48 +0000] "CONNECT aut
77.38.177.177 - - [30/Jun/2017:19:21:48 +0000] "CONNECT auth.api.sonyentertainmentnetwork.com:443 HTTP/1.1" 400 226 "-" "-"
138.201.29.228 - - [30/Jun/2017:19:21:48 +0000] "CONNECT www.stoiximan.gr:443 HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1409.70 Safari/537.36"
94.122.39.35 - - [30/Jun/2017:19:21:49 +0000] "A" 400 226 "-" "-"
77.108.80.2 - - [30/Jun/2017:19:20:48 +0000] "CONNECT artiwell.com:443 HTTP/1.1" 200 - "-" "-"
138.201.19.161 - - [30/Jun/2017:19:21:48 +0000] "CONNECT www.bet-at-home.com:443 HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/17.0.1232.63 Safari/537.36"
77.108.80.2 - - [30/Jun/2017:19:21:48 +0000] "GET http://sea-tools.com.ua/oborudovanie/betonomeshalki/filter/287-k-werk HTTP/1.1" 200 25537 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36"
94.158.152.58 - - [30/Jun/2017:19:21:49 +0000] "A" 400 226 "-" "-"
138.201.19.161 - - [30/Jun/2017:19:21:48 +0000] "GET http://sports.titanbet.com/en/e/5260805/Ansan-Police-v-Ansan-Greeners?mkt_grp_code=TMWIN HTTP/1.1" 200 25023 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.604.118 Safari/537.36"
117.1.114.50 - - [30/Jun/2017:19:21:49 +0000] "GET http://static.doubleclick.net/instream/ad_status.js HTTP/1.1" 200 29 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
94.158.152.58 - - [30/Jun/2017:19:21:49 +0000] "CONNECT static.doubleclick.net:443 HTTP/1.0" 200 - "-" "-"
185.71.186.147 - - [30/Jun/2017:19:21:49 +0000] "CONNECT static.sportsinteraction.net:443 HTTP/1.1" 200 - "-" "-"
我必须将防火墙设置为拒绝向外部服务器发送的每个HTTP请求,以终止该攻击
到目前为止,我还有一些无法回答的问题:
NameVirtualHost *:80
<Directory "/data/websource">
DirectoryIndex index.html index.php
AllowOverride All
# Allow open access:
Require all granted
</Directory>
<VirtualHost *:80>
ServerName subdomain1.my.domain
DocumentRoot "web_root/subdomain1/source/www"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/subdomain1-error.log"
CustomLog "logs/subdomain1-access.log" combined
#turn on proxy
ProxyPreserveHost On
ProxyRequests On
ProxyPass /classroom1 http://xyz.my.other.ip/classroom1
ProxyPassReverse /classroom1 http://xyz.my.other.ip/classroom1
ProxyPass /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPass /client/ http://xyz.my.other.ip/client/
ProxyPassReverse /client/ http://xyz.my.other.ip/client/
ProxyPass /bbb http://xyz.my.other.ip/
ProxyPassReverse /bbb http://xyz.my.other.ip/
ProxyPass /demo/ http://xyz.my.other.ip/demo/
ProxyPassReverse /demo/ http://xyz.my.other.ip/demo/
ProxyPass /streams.xml http://xyz.my.other.ip/streams.xml
ProxyPassReverse /streams.html http://xyz.my.other.ip/streams.html
ProxyPass /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPassReverse /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPass /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPassReverse /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPass /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPassReverse /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPass /help.html http://xyz.my.other.ip/help.html
ProxyPassReverse /help.html http://xyz.my.other.ip/help.html
ProxyPass /call.php http://www.source/mynglevline/call.php
ProxyPassReverse /call.php http://www.source/mynglevline/call.php
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain2.my.domain
DocumentRoot "web_root/subdomain1/source/admin"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/subdomain1-admin-error.log"
CustomLog "logs/subdomain1-admin-access.log" combined
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain3.my.domain
DocumentRoot "web_root/subdomain3/source/www"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/subdomain3-error.log"
CustomLog "logs/subdomain3-access.log" combined
#turn on proxy
ProxyPreserveHost On
ProxyRequests On
ProxyPass /classroom1 http://xyz.my.other.ip/classroom1
ProxyPassReverse /classroom1 http://xyz.my.other.ip/classroom1
ProxyPass /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPass /client/ http://xyz.my.other.ip/client/
ProxyPassReverse /client/ http://xyz.my.other.ip/client/
ProxyPass /bbb http://xyz.my.other.ip/
ProxyPassReverse /bbb http://xyz.my.other.ip/
ProxyPass /demo/ http://xyz.my.other.ip/demo/
ProxyPassReverse /demo/ http://xyz.my.other.ip/demo/
ProxyPass /streams.xml http://xyz.my.other.ip/streams.xml
ProxyPassReverse /streams.html http://xyz.my.other.ip/streams.html
ProxyPass /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPassReverse /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPass /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPassReverse /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPass /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPassReverse /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPass /help.html http://xyz.my.other.ip/help.html
ProxyPassReverse /help.html http://xyz.my.other.ip/help.html
ProxyPass /call.php http://www.source/mynglevline/call.php
ProxyPassReverse /call.php http://www.source/mynglevline/call.php
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain4.my.domain
DocumentRoot "web_root/subdomain3/source/admin"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/subdomain3-admin-error.log"
CustomLog "logs/subdomain3-admin-access.log" combined
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain5.my.domain
DocumentRoot "web_root/subdomain5/source/www"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/release-error.log"
CustomLog "logs/release-access.log" combined
#turn on proxy
ProxyPreserveHost On
ProxyRequests On
ProxyPass /classroom1 http://xyz.my.other.ip/classroom1
ProxyPassReverse /classroom1 http://xyz.my.other.ip/classroom1
ProxyPass /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPass /client/ http://xyz.my.other.ip/client/
ProxyPassReverse /client/ http://xyz.my.other.ip/client/
ProxyPass /bbb http://xyz.my.other.ip/
ProxyPassReverse /bbb http://xyz.my.other.ip/
ProxyPass /demo/ http://xyz.my.other.ip/demo/
ProxyPassReverse /demo/ http://xyz.my.other.ip/demo/
ProxyPass /streams.xml http://xyz.my.other.ip/streams.xml
ProxyPassReverse /streams.html http://xyz.my.other.ip/streams.html
ProxyPass /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPassReverse /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPass /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPassReverse /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPass /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPassReverse /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPass /help.html http://xyz.my.other.ip/help.html
ProxyPassReverse /help.html http://xyz.my.other.ip/help.html
ProxyPass /call.php http://www.source/mynglevline/call.php
ProxyPassReverse /call.php http://www.source/mynglevline/call.php
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain6.my.domain
DocumentRoot "web_root/subdomain5/source/admin"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/subdomain5-admin-error.log"
CustomLog "logs/subdomain5-admin-access.log" combined
</VirtualHost>
NameVirtualHost*:80
DirectoryIndex.html index.php
允许超越所有
#允许开放访问:
要求所有授权
ServerName子域1.my.domain
DocumentRoot“web_root/subdomain1/source/www”
服务器管理员postmaster@dummy-host2.localhost
ErrorLog“logs/subdomain1 error.log”
CustomLog“logs/subdomain1 access.log”组合
#启用代理
代理主机
代理请求
代理通行证/教室1http://xyz.my.other.ip/classroom1
ProxyPassReverse/教室1http://xyz.my.other.ip/classroom1
ProxyPass/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
代理通行证/客户机/http://xyz.my.other.ip/client/
ProxyPassReverse/客户端/http://xyz.my.other.ip/client/
ProxyPass/bbbhttp://xyz.my.other.ip/
ProxyPassReverse/bbbhttp://xyz.my.other.ip/
ProxyPass/演示/http://xyz.my.other.ip/demo/
ProxyPassReverse/演示/http://xyz.my.other.ip/demo/
ProxyPass/streams.xmlhttp://xyz.my.other.ip/streams.xml
ProxyPassReverse/streams.htmlhttp://xyz.my.other.ip/streams.html
ProxyPass/testjava.htmlhttp://xyz.my.other.ip/testjava.html
ProxyPassReverse/testjava.htmlhttp://xyz.my.other.ip/testjava.html
ProxyPass/myngleapi/http://xyz.my.other.ip/myngleapi/
ProxyPassReverse/myngleapi/http://xyz.my.other.ip/myngleapi/
ProxyPass/myngleapihttp://xyz.my.other.ip/myngleapi
ProxyPassReverse/myngleapihttp://xyz.my.other.ip/myngleapi
ProxyPass/help.htmlhttp://xyz.my.other.ip/help.html
ProxyPassReverse/help.htmlhttp://xyz.my.other.ip/help.html
ProxyPass/call.phphttp://www.source/mynglevline/call.php
ProxyPassReverse/call.phphttp://www.source/mynglevline/call.php
ServerName子域2.my.domain
DocumentRoot“web\u根/子域1/source/admin”
服务器管理员postmaster@dummy-host2.localhost
ErrorLog“logs/subdomain1管理错误.log”
CustomLog“logs/subdomain1 admin access.log”组合
ServerName子域3.my.domain
DocumentRoot“web_root/subdomain3/source/www”
服务器管理员postmaster@dummy-host2.localhost
ErrorLog“logs/subdomain3 error.log”
CustomLog“logs/subdomain3 access.log”组合
#启用代理
代理主机
代理请求
代理通行证/教室1http://xyz.my.other.ip/classroom1
ProxyPassReverse/教室1http://xyz.my.other.ip/classroom1
ProxyPass/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
代理通行证/客户机/http://xyz.my.other.ip/client/
ProxyPassReverse/客户端/http://xyz.my.other.ip/client/
ProxyPass/bbbhttp://xyz.my.other.ip/
ProxyPassReverse/bbbhttp://xyz.my.other.ip/
ProxyPass/演示/http://xyz.my.other.ip/demo/
ProxyPassReverse/演示/http://xyz.my.other.ip/demo/
ProxyPass/streams.xmlhttp://xyz.my.other.ip/streams.xml
ProxyPassReverse/streams.htmlhttp://xyz.my.other.ip/streams.html
ProxyPass/testjava.htmlhttp://xyz.my.other.ip/testjava.html
ProxyPassReverse/testjava.htmlhttp://xyz.my.other.ip/testjava.html
ProxyPass/myngleapi/http://xyz.my.other.ip/myngleapi/
ProxyPassReverse/myngleapi/http://xyz.my.other.ip/myngleapi/
ProxyPass/myngleapihttp://xyz.my.other.ip/myngleapi
ProxyPassReverse/myngleapihttp://xyz.my.other.ip/myngleapi
ProxyPass/help.htmlhttp://xyz.my.other.ip/help.html
ProxyPassReverse/help.htmlhttp://xyz.my.other.ip/help.html
ProxyPass/call.phphttp://www.source/mynglevline/call.php
ProxyPassReverse/call.phphttp://www.source/mynglevline/call.php
ServerName子域4.my.domain
DocumentRoot“web_root/subdomain3/source/admin”
服务器管理员postmaster@dummy-host2.localhost
ErrorLog“日志/子域3管理错误.log”
CustomLog“logs/subdomain3 admin access.log”组合
ServerName子域5.my.domain
DocumentRoot“web_root/subdomain5/source/www”
服务器管理员postmaster@dummy-host2.localhost
ErrorLog“日志/发布错误.log”
CustomLog“logs/release access.log”组合
#启用代理
代理主机
代理请求
代理通行证/教室1http://xyz.my.other.ip/classroom1
ProxyPassReverse/教室1http://xyz.my.other.ip/classroom1
ProxyPass/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse/bigbluebutton/http://xyz.my.other.ip/bigbluebutton/
代理通行证/客户机/http://xyz.my.other.ip/client/
ProxyPassReverse/客户端/http://xyz.my.other.ip/client/
ProxyPass/bbbhttp://xyz.my.other.ip/
ProxyPassReverse/bbbhttp://xyz.my.other.ip/
ProxyPass/演示/http://xyz.my.other.ip/demo/
ProxyPassReverse/演示/http://xyz.my.other.ip/demo/
ProxyPass/streams.xmlhttp://xyz.my.other.ip/streams.xml
ProxyPassReverse/streams.htmlhttp://xyz.my.other.ip/streams.html
ProxyPass/testjava.htmlhttp://xyz.my.other.ip/testjava.html
ProxyPassReverse