0

On my Nginx log recently i have noticed 100's entries like this where a directory search was executed with error, because those directory does not exist on my webserver. now, how can I block them once they failed searching few directories?

2015/06/29 09:33:54 [error] 23641#0: *1687 open() "/usr/share/nginx/html/section/wp-login.php" failed (2: No such file or directory), client: 116.58.246.226, server: localhost, request: "GET /section/wp-login.php HTTP/1.1", host: "blog.abcd.info"
2015/06/29 09:33:55 [error] 23641#0: *1687 open() "/usr/share/nginx/html/cms/wp-login.php" failed (2: No such file or directory), client: 116.58.246.226, server: localhost, request: "GET /cms/wp-login.php HTTP/1.1", host: "blog.abcd.info"
2015/06/29 09:33:56 [error] 23641#0: *1687 open() "/usr/share/nginx/html/site/wp-login.php" failed (2: No such file or directory), client: 116.58.246.226, server: localhost, request: "GET /site/wp-login.php HTTP/1.1", host: "blog.abcd.info"
2015/06/29 09:33:57 [error] 23641#0: *1687 open() "/usr/share/nginx/html/blog/wp-login.php" failed (2: No such file or directory), client: 116.58.246.226, server: localhost, request: "GET /blog/wp-login.php HTTP/1.1", host: "blog.abcd.info"
2015/06/29 09:33:58 [error] 23641#0: *1687 open() "/usr/share/nginx/html/admin/wp-login.php" failed (2: No such file or directory), client: 116.58.246.226, server: localhost, request: "GET /admin/wp-login.php HTTP/1.1", host: "blog.abcd.info"
Tapash
  • 153
  • 1
  • 6

1 Answers1

0

1). As a rule those crawlers find something like "admin.php" - You may collect Your own base of urls ;) and block them.

2). If You have good understanding what web applications works on Your server and which files it uses - You may deny access to all php-files - they are the most popular target of crawlers. And explicitly allow only for Your files.

location =/index.php {
  proxy_pass http://127.0.0.1:<port>;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
}    
location / {
  proxy_pass http://127.0.0.1:<port>;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
}
location =/custom.php {
  # all other Your own scripts You may define such way, as this location
  proxy_pass http://127.0.0.1:<port>;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
}   
location ~ \.php$ {
  access_log /path/to/log/nginx_deny.log name_log;
  deny all;
}

I asked similar question several months ago here :) and finded good way at the end. You may look more detailed here: nginx - deny all *.php requests except index.php for security reasons

Community
  • 1
Sergey Serov
  • 397
  • 3
  • 7
  • 14