Thursday, December 25, 2014

Secure Your Botnet Panel Using Nginx Config

Hi all,
The example will be on CentOS.
 
Our security will be based on two simple things in the nginx configuration:
the User-Agent header.
the PHP file extension.
 
The idea is simple:
 
Change the file extension of the gate from ".php" to something else; in this tutorial ".gte" is used as the example.
 
Configure nginx to process ".gte" files as ".php".
 
Lock all access (GET) to the .php files of our panel (and to other extensions if we want) behind a long User-Agent string; if the User-Agent does not match, return 404.
 
 
Configure nginx:
 
nginx.conf (/etc/nginx/nginx.conf):
user nginx;
worker_processes 1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections 1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    #gzip on;

    include /etc/nginx/conf.d/*.conf;
    server_tokens off;
}
note: "server_tokens off" is a must to hide the nginx version.
 
php-fpm user, group and socket config (/etc/php-fpm/conf.d/www.conf):
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /var/run/php5-fpm.sock
; Extensions the pool is allowed to execute (the default is .php only, so the
; gate extension has to be listed here; this is a php-fpm pool directive, not an nginx one).
security.limit_extensions = .php .gte
Quote:

The advantage of running PHP-FPM on socket connections instead of TCP/IP is that the socket connections are much faster than TCP/IP connections (around 10-15%) because it saves passing the data over the different layers of the TCP/IP stack.

domain-name.conf (/etc/nginx/conf.d/domain-name.conf):
server {
    listen 80;
    server_name domain-name;
    root /var/www;
    client_max_body_size 20M;
    access_log /var/log/nginx/http.access.log;
    error_log /var/log/nginx/http.error.log;
    index index.php;
    # "security.limit_extensions = .php .gte" is a php-fpm pool directive, not an
    # nginx one; it belongs in www.conf, not in this server block.


    location ~ \.(php|gte)$ {
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
        fastcgi_read_timeout 120;
    }
    location ~ \.php$ {
        if ($http_user_agent !~ "long-random-string-without-special-characters") {
            return 404;
        }
    }
}
Of course you can add other extensions to the User-Agent restriction rule, as many as you want.
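Seen from the other side, the two choices above leave traces that a hosting administrator or incident responder can look for: an nginx location that routes an extension other than .php to PHP-FPM, and .php URIs that answer 404 to ordinary browsers but 200 to one long, token-like User-Agent. The following Python script is an added example and not code from the original post: it scans an nginx config for such extra extensions and runs both checks over access-log lines written in the `main` log_format from the nginx.conf above. The config fragment and the log lines are constructed for this example, and the thresholds (a token-like User-Agent of 24 or more characters with no spaces or slashes, at least 3 distinct client IPs posting to a gate path) are assumptions.

```python
"""Defensive triage for the nginx "hidden gate" pattern (added example).

Checks, all on constructed sample data:
  1. nginx config: regex locations with fastcgi_pass that execute extensions
     other than .php (e.g. .gte) as PHP;
  2. access log in the `main` format: .php paths that are 404 for browser-like
     User-Agents but 200 for a token-like one, and gate paths that receive
     POSTs from many distinct client IPs.
"""
import re
from collections import defaultdict

# Fields of the `main` log_format, in order.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" '
    r'"(?P<ua>[^"]*)" "(?P<xff>[^"]*)"$'
)
# Regex location blocks without nested braces (enough for the fastcgi block).
LOCATION_RE = re.compile(r'location\s+~\*?\s+(\S+)\s*\{([^}]*)\}')
# Browser UAs contain spaces and slashes; one long alphanumeric token does not
# (24 is an assumed threshold).
TOKEN_UA_RE = re.compile(r'^[A-Za-z0-9_-]{24,}$')


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not `main` format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def path_of(uri):
    """Drop the query string from a request URI."""
    return uri.split('?', 1)[0]


def is_token_like_ua(ua):
    return bool(TOKEN_UA_RE.match(ua))


def fastcgi_extensions(config_text):
    """Extensions that regex locations containing fastcgi_pass hand to PHP-FPM."""
    exts = set()
    for pattern, body in LOCATION_RE.findall(config_text):
        if 'fastcgi_pass' not in body:
            continue
        group = re.search(r'\\\.\(([^)]+)\)', pattern)   # \.(php|gte)$
        single = re.search(r'\\\.(\w+)', pattern)         # \.php$
        if group:
            exts.update(group.group(1).split('|'))
        elif single:
            exts.add(single.group(1))
    return exts


def hidden_php_extensions(config_text):
    """Extensions other than .php that the config executes as PHP."""
    return sorted(fastcgi_extensions(config_text) - {'php'})


def gated_php_paths(lines):
    """.php paths seen as 404 for a browser-like UA and 200 for a token-like UA."""
    seen = defaultdict(lambda: {'token_200': False, 'browser_404': False})
    for line in lines:
        r = parse_line(line)
        if not r or not path_of(r['uri']).endswith('.php'):
            continue
        flags = seen[path_of(r['uri'])]
        if is_token_like_ua(r['ua']) and r['status'] == '200':
            flags['token_200'] = True
        elif not is_token_like_ua(r['ua']) and r['status'] == '404':
            flags['browser_404'] = True
    return sorted(p for p, f in seen.items() if f['token_200'] and f['browser_404'])


def gate_hits(lines, hidden_exts, min_clients=3):
    """Paths with a hidden extension that received POSTs from >= min_clients IPs."""
    clients = defaultdict(set)
    for line in lines:
        r = parse_line(line)
        if not r or r['method'] != 'POST':
            continue
        path = path_of(r['uri'])
        if path.rsplit('.', 1)[-1] in hidden_exts:
            clients[path].add(r['ip'])
    return {p: len(ips) for p, ips in clients.items() if len(ips) >= min_clients}


# Constructed config fragment mirroring the post's location blocks.
SAMPLE_CONF = r"""
location ~ \.(php|gte)$ {
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    include /etc/nginx/fastcgi_params;
}
location ~ \.php$ {
    if ($http_user_agent !~ "some-long-token") { return 404; }
}
"""

# Constructed `main`-format log lines: three clients posting to the gate, one
# browser refused on index.php, one token-UA client admitted to the panel.
SAMPLE_LOG = """\
10.0.0.11 - - [25/Dec/2014:10:00:01 +0000] "POST /gate.gte HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64)" "-"
10.0.0.12 - - [25/Dec/2014:10:00:02 +0000] "POST /gate.gte HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64)" "-"
10.0.0.13 - - [25/Dec/2014:10:00:03 +0000] "POST /gate.gte HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1)" "-"
198.51.100.7 - - [25/Dec/2014:10:01:00 +0000] "GET /panel/index.php HTTP/1.1" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/34.0" "-"
203.0.113.5 - - [25/Dec/2014:10:02:00 +0000] "GET /panel/index.php HTTP/1.1" 200 4821 "-" "h7Qx2pLm9vRt4wKz8nBy3cFd6gJs1aEu" "-"
203.0.113.5 - - [25/Dec/2014:10:02:05 +0000] "GET /panel/stats.php?d=1 HTTP/1.1" 200 1200 "-" "h7Qx2pLm9vRt4wKz8nBy3cFd6gJs1aEu" "-"
"""

if __name__ == "__main__":
    hidden = hidden_php_extensions(SAMPLE_CONF)
    lines = SAMPLE_LOG.splitlines()
    print("extensions executed as PHP besides .php:", hidden)
    print("UA-gated .php paths:", gated_php_paths(lines))
    print("gate paths with many posting clients:", gate_hits(lines, hidden))
```

On a real host, feed `fastcgi_extensions` the contents of the files under /etc/nginx/conf.d/ and `gated_php_paths`/`gate_hits` the lines of the access log named in that config; the config check is the stronger signal, since a legitimate site has no reason to execute a made-up extension through PHP-FPM.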
 
Done!
 
This config can help hide the panel files and avoid SQLi.
 
Last thing: use FASTFLUX!!
