LinuxQuestions.org
Old 05-31-2018, 02:06 PM   #1
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Rep: Reputation: Disabled
Nginx too many *4185 open() errors


I have just set up a new nginx server on CentOS 7.
I notice a lot of the following types of entries in my error logs.
I notice, e.g., are they trying to pass into my javascripts?
Code:
2018/05/31 14:03:14 [error] 16873#0: *4138 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap-daterangepicker/daterangepicker.js
Code:
2018/05/31 14:03:14 [error] 16873#0: *4152 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/moment/min/moment.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4138 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap-daterangepicker/daterangepicker.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4138 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap-daterangepicker/daterangepicker.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4151 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/switchery/dist/switchery.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4151 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/switchery/dist/switchery.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4155 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/select2/dist/js/select2.full.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4155 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/select2/dist/js/select2.full.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4154 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/parsleyjs/dist/parsley.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4154 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/parsleyjs/dist/parsley.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4152 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/autosize/dist/autosize.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4152 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/autosize/dist/autosize.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/devbridge-autocomplete/dist/jquery.autocomplete.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/devbridge-autocomplete/dist/jquery.autocomplete.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4151 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/starrr/dist/starrr.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4151 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/starrr/dist/starrr.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap/dist/js/bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap/dist/js/bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net/js/jquery.dataTables.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net/js/jquery.dataTables.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4152 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-bs/js/dataTables.bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4152 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-bs/js/dataTables.bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons/js/dataTables.buttons.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons/js/dataTables.buttons.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4151 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons-bs/js/buttons.bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4151 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons-bs/js/buttons.bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/fastclick/lib/fastclick.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/fastclick/lib/fastclick.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons/js/buttons.flash.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons/js/buttons.flash.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/pdfmake/build/pdfmake.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/pdfmake/build/pdfmake.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/pdfmake/build/vfs_fonts.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/pdfmake/build/vfs_fonts.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4153 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/custms/js/custom.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4153 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/custms/js/custom.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/impm/xxx.png HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/impm/xxx.png HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4153 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/iCheck/icheck.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4153 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/iCheck/icheck.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:18:01 [error] 16873#0: *4168 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/impm/xxx.png HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:18:01 [error] 16873#0: *4168 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/impm/xxx.png HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:38:57 [error] 16873#0: *4180 directory index of "/var/www/html/" is forbidden, client: 60.173.10.16, server: _, request: "GET / HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 14:38:57 [error] 16873#0: *4180 open() "/var/www/html/index.action" failed (2: No such file or directory), client: 60.173.10.16, server: _, request: "GET /index.action HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 14:38:57 [error] 16873#0: *4180 open() "/var/www/html/404.html" failed (2: No such file or directory), client: 60.173.10.16, server: _, request: "GET /index.action HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 15:26:18 [error] 16873#0: *4184 open() "/var/www/html/manager/html" failed (2: No such file or directory), client: 183.131.83.50, server: _, request: "GET /manager/html HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 15:26:18 [error] 16873#0: *4184 open() "/var/www/html/404.html" failed (2: No such file or directory), client: 183.131.83.50, server: _, request: "GET /manager/html HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 15:27:38 [error] 16873#0: *4185 open() "/var/www/html/favicon.ico" failed (2: No such file or directory), client: 64.233.173.141, server: _, request: "GET /favicon.ico HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 15:27:38 [error] 16873#0: *4185 open() "/var/www/html/404.html" failed (2: No such file or directory), client: 64.233.173.141, server: _, request: "GET /favicon.ico HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 15:33:36 [error] 16873#0: *4189 client intended to send too large body: 1195 bytes, client: 122.114.204.78, server: _, request: "POST /wls-wsat/CoordinatorPortType HTTP/1.1", host: "xxx.x.xxx.xxx:80"
What else can I do to further harden my nginx server?

Last edited by newbie14; 05-31-2018 at 02:12 PM.
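
How the error-log entries in this post can be sorted by cause, as an added example that is not part of the original post: nginx rejects a request over its `limit_conn` zone with a 503 by default and then fails to open the `50x.html` error page, which is a different situation from a request for a path that is not on the server. The sample lines are constructed on the pattern of the log above; the documentation-range IP addresses and `example.test` are assumed values.

```python
import re
from collections import Counter, defaultdict

# One nginx error-log entry that carries a client and a request.
LINE = re.compile(
    r'^\S+ \S+ \[\w+\] \d+#\d+: \*\d+ (?P<msg>.*?), client: (?P<client>[^,]+), '
    r'server: [^,]*, request: "\S+ (?P<uri>[^" ]+)[^"]*"'
    r'(?:, host: "[^"]*")?(?:, referrer: "(?P<ref>[^"]*)")?')
OPEN = re.compile(r'open\(\) "(?P<path>[^"]+)" failed')

# Constructed sample lines (not copied from the post; IPs and host are placeholders).
SAMPLE = '''\
2018/05/31 14:03:14 [error] 16873#0: *4138 limiting connections by zone "addr", client: 192.0.2.10, server: _, request: "GET /app1/mfolder/moment/min/moment.min.js HTTP/1.1", host: "example.test", referrer: "http://example.test/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4138 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 192.0.2.10, server: _, request: "GET /app1/mfolder/moment/min/moment.min.js HTTP/1.1", host: "example.test", referrer: "http://example.test/app1/xxx.php"
2018/05/31 14:38:57 [error] 16873#0: *4180 directory index of "/var/www/html/" is forbidden, client: 198.51.100.7, server: _, request: "GET / HTTP/1.1", host: "example.test"
2018/05/31 14:38:57 [error] 16873#0: *4180 open() "/var/www/html/index.action" failed (2: No such file or directory), client: 198.51.100.7, server: _, request: "GET /index.action HTTP/1.1", host: "example.test"
2018/05/31 14:38:57 [error] 16873#0: *4180 open() "/var/www/html/404.html" failed (2: No such file or directory), client: 198.51.100.7, server: _, request: "GET /index.action HTTP/1.1", host: "example.test"
2018/05/31 15:27:38 [error] 16873#0: *4185 open() "/var/www/html/favicon.ico" failed (2: No such file or directory), client: 192.0.2.10, server: _, request: "GET /favicon.ico HTTP/1.1", host: "example.test", referrer: "http://example.test/app1/xxx.php"
2018/05/31 15:33:36 [error] 16873#0: *4189 client intended to send too large body: 1195 bytes, client: 203.0.113.9, server: _, request: "POST /wls-wsat/CoordinatorPortType HTTP/1.1", host: "example.test:80"
2018/05/31 15:40:00 [error] 16873#0: *4190 limiting connections by zone "addr", client: 192.0.2.10, server: _, request: "GET /app1/mfolder/cut-off.js
'''

def classify(msg, uri):
    """Name the cause of one error-log message."""
    if msg.startswith('limiting connections by zone'):
        return 'limit_conn'            # nginx's own limit_conn refused the request
    opened = OPEN.match(msg)
    if opened:
        # The file nginx tried to open is either the requested URI itself or
        # the error page it fell back to (50x.html, 404.html).
        if opened['path'].endswith(uri.split('?')[0]):
            return 'not_found'
        return 'missing_error_page'
    if msg.startswith('directory index of'):
        return 'no_index'
    if msg.startswith('client intended to send too large body'):
        return 'body_too_large'
    return 'other'

def triage(text):
    """Return (cause counts per client, URIs each client requested without a referrer)."""
    causes, unreferred = defaultdict(Counter), defaultdict(set)
    for line in text.splitlines():
        entry = LINE.match(line)
        if not entry:
            continue                   # truncated line or entry without a request
        kind = classify(entry['msg'], entry['uri'])
        causes[entry['client']][kind] += 1
        # A failed request with no referrer did not come from a page of the site.
        if kind in ('not_found', 'body_too_large') and not entry['ref']:
            unreferred[entry['client']].add(entry['uri'])
    return causes, unreferred

if __name__ == '__main__':
    causes, unreferred = triage(SAMPLE)
    for client, counts in causes.items():
        print(client, dict(counts), sorted(unreferred.get(client, ())))
```

A client whose entries are only `limit_conn` and `missing_error_page`, with the application page as referrer, is a browser being throttled by the server's own connection limit; the clients listed under unreferred URIs are the ones asking for paths nothing on the site links to.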
 
Old 05-31-2018, 04:10 PM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
fail2ban
 
Old 05-31-2018, 04:53 PM   #3
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Hi Habitual,
I have fail2ban ready, but what settings will help me overcome these sorts of hack attempts? Are these showing some attempt to hack?
 
Old 05-31-2018, 05:42 PM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Can't tell from the scrubbed log file entries.
They have no VERB codes (200 OK/404 NOT FOUND/etc.)

https://hostpresto.com/community/tut...n-on-centos-7/ may help.
 
Old 05-31-2018, 10:20 PM   #5
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Hi Habitual,
What other logs should I look into? I see a lot of this. Should I take more logs to be posted here? Any other tips to harden nginx? Will naxsi help to harden it?
 
Old 05-31-2018, 11:25 PM   #6
DevGuy
LQ Newbie
 
Registered: May 2018
Location: London
Distribution: CentOS 7.5
Posts: 25

Rep: Reputation: Disabled
You don't have the files they are looking for. There's no need to harden anything. You can either block the IP or ignore them.

I normally feed them a file of my choice. It's free marketing for the file I want to distribute.
 
Old 06-01-2018, 10:54 AM   #7
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by newbie14 View Post
Hi Habitual,
What other logs should I look into?
https://hostpresto.com/community/tut...n-on-centos-7/

What is "behind" nginx? Turdpress, Magento, Drupal???
What is being served?
What are they asking for?
Code:
grep 60.52.28.169 /var/log/nginx/*
No more "logs" without verbs.
Create a custom jail and get f2b up to speed using that IP as a marker/test, or ignore 60.52.28.169
or issue a drop for 60.52.0.0/18

You want to learn fail2ban?

vi /etc/fail2ban/filter.d/myfilter.conf
Code:
[Definition]
failregex = ^<HOST> .* ".*(?i)GET /app1/mfolder.*?"
ignoreregex =
test it:
Code:
fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/myfilter.conf
If it hits, you'll know.

Last edited by Habitual; 06-04-2018 at 05:36 PM.
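
What the filter in this post counts as a failure, as an added example that is not part of the original post: the failregex is run over constructed access-log lines and fail2ban's maxretry/findtime counting is approximated in plain Python. The stand-in for `<HOST>`, the `maxretry` and `findtime` values, the IP addresses and `example.test` are assumptions; `fail2ban-regex` remains the authoritative test.

```python
import re
from datetime import datetime, timedelta

# The failregex from the post with two adaptations for plain Python: a simplified
# stand-in for fail2ban's <HOST> tag, and (?i) expressed as a flag.
FAILREGEX = re.compile(r'^(?P<host>\S+) .* ".*GET /app1/mfolder.*?"', re.IGNORECASE)
STAMP = re.compile(r'\[([^\]]+)\]')

# Constructed access-log lines in nginx's combined format (placeholder IPs and host):
# one page view by a visitor, followed by two probes from another address.
ACCESS = '''\
192.0.2.10 - - [31/May/2018:14:03:14 +0000] "GET /app1/xxx.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [31/May/2018:14:03:14 +0000] "GET /app1/mfolder/moment/min/moment.min.js HTTP/1.1" 200 51000 "http://example.test/app1/xxx.php" "Mozilla/5.0"
192.0.2.10 - - [31/May/2018:14:03:14 +0000] "GET /app1/mfolder/switchery/dist/switchery.min.js HTTP/1.1" 200 8000 "http://example.test/app1/xxx.php" "Mozilla/5.0"
192.0.2.10 - - [31/May/2018:14:03:14 +0000] "GET /app1/mfolder/select2/dist/js/select2.full.min.js HTTP/1.1" 200 76000 "http://example.test/app1/xxx.php" "Mozilla/5.0"
192.0.2.10 - - [31/May/2018:14:03:15 +0000] "GET /app1/mfolder/autosize/dist/autosize.min.js HTTP/1.1" 503 212 "http://example.test/app1/xxx.php" "Mozilla/5.0"
192.0.2.10 - - [31/May/2018:14:03:15 +0000] "GET /app1/mfolder/starrr/dist/starrr.js HTTP/1.1" 503 212 "http://example.test/app1/xxx.php" "Mozilla/5.0"
198.51.100.7 - - [31/May/2018:14:38:57 +0000] "GET /index.action HTTP/1.1" 404 169 "-" "-"
198.51.100.7 - - [31/May/2018:15:26:18 +0000] "GET /manager/html HTTP/1.1" 404 169 "-" "-"
'''

def matches(text):
    """Return (host, timestamp) for every line the failregex hits."""
    hits = []
    for line in text.splitlines():
        hit = FAILREGEX.search(line)
        if hit:
            stamp = STAMP.search(line).group(1)
            hits.append((hit['host'], datetime.strptime(stamp, '%d/%b/%Y:%H:%M:%S %z')))
    return hits

def would_ban(text, maxretry, findtime):
    """Hosts that reach maxretry hits within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent, banned = {}, set()
    for host, when in matches(text):
        kept = [t for t in recent.get(host, []) if when - t <= window] + [when]
        recent[host] = kept
        if len(kept) >= maxretry:
            banned.add(host)
    return banned

if __name__ == '__main__':
    for host, when in matches(ACCESS):
        print('hit', host, when.isoformat())
    print('banned with maxretry=5, findtime=600:', would_ban(ACCESS, 5, 600))
```

Because the pattern matches any GET under /app1/mfolder regardless of status code, one ordinary page view that loads the application's scripts reaches the threshold, while the requests for other paths are not counted.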
 
Old 06-01-2018, 11:51 PM   #8
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by DevGuy View Post
You don't have the files they are looking for. There's no need to harden anything. You can either block the IP or ignore them.

I normally feed them a file of my choice. It's free marketing for the file I want to distribute.
Hi DevGuy,
Actually, all those files exist in those folders. I guess they have checked through my file list. How to stop that is quite difficult, I know, because they can see it from my source code.
 
Old 06-02-2018, 05:50 AM   #9
DevGuy
LQ Newbie
 
Registered: May 2018
Location: London
Distribution: CentOS 7.5
Posts: 25

Rep: Reputation: Disabled
Ok then, rename directory app1 to 273C1702B811A053B15E1E8DF06CD324. They will never find it. You know the directory name, so you can access it.

If the directory name is referred to by public pages, then you have to remove such references. Or, you can restrict access to that directory by your own IP if you are the only one using those files.

Last edited by DevGuy; 06-02-2018 at 05:55 AM.
 
Old 06-02-2018, 05:55 AM   #10
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by DevGuy View Post
Ok then, rename directory app1 to 273C1702B811A053B15E1E8DF06CD324. They will never find it. You know the directory name, so you can access it.
Hi Devguy,
But the issue is that when, say, my clients want to use the application, it is now at http://myip/app1. So if I rename it, it will be difficult for my clients to even remember and browse. What other solution is best here?
 
Old 06-02-2018, 06:06 AM   #11
DevGuy
LQ Newbie
 
Registered: May 2018
Location: London
Distribution: CentOS 7.5
Posts: 25

Rep: Reputation: Disabled
Quote:
Originally Posted by newbie14 View Post
Hi Devguy,
But the issue is that when, say, my clients want to use the application, it is now at http://myip/app1. So if I rename it, it will be difficult for my clients to even remember and browse. What other solution is best here?
If you want to do sophisticated stuff, you will have to hire a dev. Otherwise there's no easy solution to limit access only to some of the public. Renaming directory is the simplest way to do it cheaply. You can simply give your clients the directory name. As long as the name isn't referenced by files accessible by all public, and the name is a good length, unauthorised public will never find the name. But there's nothing to stop your clients giving out such information.
 
Old 06-03-2018, 07:17 AM   #12
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by DevGuy View Post
If you want to do sophisticated stuff, you will have to hire a dev. Otherwise there's no easy solution to limit access only to some of the public. Renaming directory is the simplest way to do it cheaply. You can simply give your clients the directory name. As long as the name isn't referenced by files accessible by all public, and the name is a good length, unauthorised public will never find the name. But there's nothing to stop your clients giving out such information.
Hi Devguy,
Yes, you are right: no matter how sophisticated I make it, if the client gives them the access, they will still get it. So how could the hired dev guys really help then?
 
Old 06-03-2018, 08:19 AM   #13
DevGuy
LQ Newbie
 
Registered: May 2018
Location: London
Distribution: CentOS 7.5
Posts: 25

Rep: Reputation: Disabled
Quote:
Originally Posted by newbie14 View Post
Hi Devguy,
Yes, you are right: no matter how sophisticated I make it, if the client gives them the access, they will still get it. So how could the hired dev guys really help then?
I think you can hire some Indian dev for cheap on the internet. There are these dev hiring sites on the internet that you can offer a job amount and people will apply for the job. No idea how good a job they do.

I am a dev myself, but I don't work cheap. So I won't compete with those Indians or the hungry Romanians.
 
Old 06-04-2018, 10:17 AM   #14
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
https://www.owasp.org/index.php/Acce...ol_Cheat_Sheet
 
Old 06-04-2018, 11:59 AM   #15
newbie14
Member
 
Registered: Sep 2011
Posts: 646

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
https://hostpresto.com/community/tut...n-on-centos-7/

What is "behind" nginx? Turdpress, Magento, Drupal???
What is being served?
What are they asking for?
Code:
grep 60.52.28.169 /var/log/nginx/*
No more "logs" without verbs.
Create a custom jail and get f2b up to speed using that IP as a marker/test, or ignore 60.52.28.169
or issue a drop for 60.52.0.0/18

You want to learn fail2ban?

vi /etc/fail2ban/filter.d/myfilter.conf
Code:
[Definition]
failregex = ^<HOST> .* ".*(?i)GET /app1/mfolder.*?"
ignoreregex =
test it:
Code:
fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/myfilter.conf
If it hits, you'll know.

Hi Habitual,
I have visited the link you suggested. The section on the page suggests adding "#To enable log monitoring for Nginx login attempts. [nginx-auth]". So I just add it right below the default section; that should be fine, right? Why is it suggesting to change to jail.local, and then how will it know to pick this as the .conf?
Basically, what is running behind will be a Bootstrap-template-based PHP application. I don't quite get your 'No more "logs" without verbs.' What do you mean by these logs? I can pull more for you.
You suggested this: "Create a custom jail and get f2b up to speed using that IP as a marker/test, or ignore 60.52.28.169
or issue a drop for 60.52.0.0/18". Where do I create this: is it in jail.local or jail.conf?
 
  

