有一个使用wordpress + nginx + php-fpm的网站似乎被黑了,情况如下:
当访问网站时,nginx会显示404或502 badgateway。没有ssh端口的响应。有一次我的ssh仍然连接,事实证明没有任何东西可以做(shell命令和系统命令都没有。)
我重新安装系统,发现即使我的php-fpm也没有正常工作,只需在nginx配置中的fast_cgiparams中添加以下行:fastcgi_param SCRIPT_FILENAME $ document_root $ fastcgi_script_name;,它也被泄露了
我怀疑我的nginx存在问题(因为2,php-fpm还没有,但仍然有黑客),有人可以提供任何建议吗?
upstream web_cluster {
server unix:/var/run/php5-fpm-1.sock ;
server unix:/var/run/php5-fpm-2.sock ;
server unix:/var/run/php5-fpm-3.sock ;
server unix:/var/run/php5-fpm-4.sock ;
server unix:/var/run/php5-fpm-5.sock ;
}
fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache:10m max_size=1024m;
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /www;
index index.php;
# Make site accessible from localhost
server_name localhost;
if ($request_uri ~* "/(wp-admin|wp-login.php)") {
set $no_cache 1;
}
if ($request_uri ~* "/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*") {
set $no_cache 1;
}
if ( $arg_add-to-cart != "" ) {
set $no_cache 1;
}
if ( $cookie_woocommerce_items_in_cart != "0" ) {
set $no_cache 1;
}
location /web_status {
stub_status on;
access_log off;
}
location = /blog {
rewrite ^ xttp://mysite/ permanent;
}
location /blog/ {
rewrite ^ xttp://mysite/ permanent;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 30d;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_cache microcache;
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache_valid any 1h;
fastcgi_cache_use_stale updating error timeout invalid_header http_500;
fastcgi_pass_header Set-Cookie;
fastcgi_pass_header Cookie;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_pass web_cluster;
fastcgi_connect_timeout 60s;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# redirect server error pages to the static page /50x.html
#
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# HTTPS server
#
server {
listen 443;
listen [::]:443 ipv6only=on;
server_name localhost;
root /www;
index index.php;
ssl on;
ssl_certificate /etc/ssl/private/<mysite>_bundle.crt;
ssl_certificate_key /etc/ssl/private/<mysite>.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
}
if ($request_uri ~* "/(wp-admin|wp-login.php)") {
set $no_cache 1;
}
if ($request_uri ~* "/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*") {
set $no_cache 1;
}
if ( $arg_add-to-cart != "" ) {
set $no_cache 1;
}
if ( $cookie_woocommerce_items_in_cart != "0" ) {
set $no_cache 1;
}
location /web_status {
stub_status on;
access_log off;
}
location = /blog {
rewrite ^ xttp://mysite/ permanent;
}
location /blog/ {
rewrite ^ xttp://mysite/ permanent;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 30d;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_cache microcache;
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache_valid any 1h;
fastcgi_cache_use_stale updating error timeout invalid_header http_500;
fastcgi_pass_header Set-Cookie;
fastcgi_pass_header Cookie;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_pass web_cluster;
fastcgi_connect_timeout 60s;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
try_files $uri $uri/ /index.php?q=$uri&$args;
}