张康、贾旭明
https://v.youku.com/v_show/id_XMTQyNTE1MDE2NA==.html?playMode=pugv&frommaciku=1
目前测试可用VPN
https://knmvc.com/s/vyuj11
wf-1000xm4双设备连接固件
2月28日,突然 … 继续阅读wf-1000xm4双设备连接固件
看到一篇笑话:我们为什么要禁止刑讯逼供?
转载自知乎:https://www.zhihu.com/question/266520381/answer/2385205893?utm_id=0 勃列日涅夫和美国总统卡特在瑞士开会,休息时间两个人很无聊,就开始比谁的保镖更忠诚。卡特先来,他把自己的保镖叫进来,推开窗(外面是20层楼)说: “约翰,从这里跳下去!”约翰哭着说:“你怎么能这样呢,总统先生,我还有老婆孩子呐。”卡特被感动了,流着泪说是自己不对,叫约翰走了,然后抡到勃列日涅夫,他也大声叫自己的保镖伊万。“伊万,从这里跳下去!”伊万二话不说就要往下跳,卡特一把抱住他说:“你疯了?跳下去会死的!”伊万一边挣扎着要跳下去一边说:“放开我,混蛋,我还有老婆孩子呐。”
利用cloudflare访问被墙的VPS(web和vpn)
最近vps频繁被墙,中途尝试过h … 继续阅读利用cloudflare访问被墙的VPS(web和vpn)
DHA
为记录下这个知识,怕以后找不到了,转载了此文,来源知乎:https://zhuanlan. … 继续阅读DHA
禁用wpjam首页获取文章第一张图
之前一直用wpjam basic来在首页显示文章第一张图片,最近发现wpjam好像会影响页面加载速度,禁用之后速度明显变快,于是尝试自己加代码。 1、在主题编辑器中编辑function.php,在最后加入如下代码: function catch_that_image() { global $post, $posts; $first_img = ''; ob_start(); ob_end_clean(); $output = preg_match_all('/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $post->post_content, $matches); $first_img = ''; if(empty($matches[1])) $first_img = ""; else $first_img = $matches [1][0]; return $first_img; } 2、在主题编辑器中编辑content-search.php,在第22行插入: <?php if(catch_that_image()){?> <div align=”center”> <img src="<?php echo catch_that_image(); ?>" width="600" > </div> <?php } ?> 3、在该主题目录下修改index.php第39行为“get_template_part( ‘content-search’, get_post_format() );”。这一点操作在以前的文章也提到过:wp主题twentyfifteen首页布局的修改
禁用优化插件获得效率提升
今天 … 继续阅读禁用优化插件获得效率提升
本站优化7:waf防火墙改进动态封禁ip
此文转载自:斐斐のBlog 原文地址:宝塔面板Nginx的Lua-Waf防火墙终极改进 动态封禁IP 实在没有需要修改的地方,就连理由都一样,原文如下: 宝塔面板自带的Nginx防火墙有些鸡肋,对于大量的恶意攻击只能临时拦截,而不能封禁IP,下面的修改可以帮你做到: CC攻击屡教不改,立即ban! 漏洞扫描屡教不改:立即ban! 同一个IP段轮流攻击,整个IP段都给你ban了! 使用了CDN?没关系,获取了真实IP再ban! 一小时后,unban…… 宝塔面板的nginx修改/www/server/nginx/waf/目录下的三个文件即可,如果没有宝塔面板,nginx必须安装Lua,然后对下面的代码稍加修改,并且自己加上正则黑名单(或者下载个宝塔面板把规则文件拷出来)也可以正常使用。 代码:config.lua RulePath = "/www/server/panel/vhost/wafconf/" --规则文件夹 attacklog="on" logdir = "/www/wwwlogs/waf/" --日志文件夹 UrlDeny="on" Redirect="on" CookieMatch="on" postMatch="on" whiteModule="on" black_fileExt={"php"} ipWhitelist={} ipBlocklist={} CCDeny="on" CCrate="500/100" --这个是CC攻击的几秒钟允许请求几次 代码:init.lua require 'config' local match = string.match local ngxmatch=ngx.re.find local unescape=ngx.unescape_uri local get_headers = ngx.req.get_headers local optionIsOn = function (options) return options == "on" and true or false end logpath = logdir rulepath = RulePath UrlDeny = optionIsOn(UrlDeny) PostCheck = optionIsOn(postMatch) CookieCheck = optionIsOn(cookieMatch) WhiteCheck = optionIsOn(whiteModule) PathInfoFix = optionIsOn(PathInfoFix) attacklog = optionIsOn(attacklog) CCDeny = optionIsOn(CCDeny) Redirect=optionIsOn(Redirect) function subString(str, k) --截取字符串 ts = string.reverse(str) _, i = string.find(ts, k) m = string.len(ts) - i + 1 return string.sub(str, 1, m) end function getClientIp() IP = ngx.var.remote_addr if ngx.var.HTTP_X_FORWARDED_FOR then IP = ngx.var.HTTP_X_FORWARDED_FOR end if IP == nil then IP = "unknown" end IP = subString(IP, "[.]") .. "*" return IP end function getRealIp() IP = ngx.var.remote_addr if ngx.var.HTTP_X_FORWARDED_FOR then --如果用了CDN,判断真实IP IP = ngx.var.HTTP_X_FORWARDED_FOR end if IP == nil then IP = "unknown" end return IP end function write(logfile,msg) local fd = io.open(logfile,"ab") if fd == nil then return end fd:write(msg) fd:flush() fd:close() end function log(method,url,data,ruletag) if attacklog then local realIp = getRealIp() local ua = ngx.var.http_user_agent local servername=ngx.var.server_name local time=ngx.localtime() if ua then line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" \""..ua.."\" \""..ruletag.."\"\n" else line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" - \""..ruletag.."\"\n" end local filename = logpath..'/'..servername.."_"..ngx.today().."_sec.log" write(filename,line) end end ------------------------------------规则读取函数------------------------------------------------------------------- function read_rule(var) file = io.open(rulepath..'/'..var,"r") if file==nil then return end t = {} for line in file:lines() do table.insert(t,line) end file:close() return(t) end -----------------------------------频繁扫描封禁ip------------------------------------------------------------------- function ban_ip(point) local token = getClientIp() .. "_WAF" local limit = ngx.shared.limit local req,_=limit:get(token) if req then limit:set(token,req+point,3600) --发现一次,增加积分,1小时内有效 else limit:set(token,point,3600) end end function get_ban_times() local token = getClientIp() .. "_WAF" local limit = ngx.shared.limit local req,_=limit:get(token) if req then return req else return 0 end end function is_ban() local ban_times = get_ban_times() if ban_times >= 100 then --超过100积分,ban ngx.header.content_type = "text/html;charset=UTF-8" ngx.status = ngx.HTTP_FORBIDDEN ngx.exit(ngx.status) return true else return false end return false end urlrules=read_rule('url') argsrules=read_rule('args') uarules=read_rule('user-agent') wturlrules=read_rule('whiteurl') postrules=read_rule('post') ckrules=read_rule('cookie') html=read_rule('returnhtml') function say_html() ban_ip(15) --恶意攻击,罚15分 if Redirect then ngx.header.content_type = "text/html;charset=UTF-8" ngx.status = ngx.HTTP_FORBIDDEN ngx.say(html) ngx.exit(ngx.status) end end function whiteurl() if WhiteCheck then if wturlrules ~=nil then for _,rule in pairs(wturlrules) do if ngxmatch(ngx.var.uri,rule,"isjo") then return true end end end end return false end function fileExtCheck(ext) local items = Set(black_fileExt) ext=string.lower(ext) if ext then for rule in pairs(items) do if ngx.re.match(ext,rule,"isjo") then log('POST',ngx.var.request_uri,"-","file attack with ext "..ext) say_html() end end end return false end function Set (list) local set = {} for _, l in ipairs(list) do set[l] = true end return set end function args() for _,rule in pairs(argsrules) do local args = ngx.req.get_uri_args() for key, val in pairs(args) do if type(val)=='table' then local t={} for k,v in pairs(val) do if v == true then v="" end table.insert(t,v) end data=table.concat(t, " ") else data=val end if data and type(data) ~= "boolean" and rule ~="" and ngxmatch(unescape(data),rule,"isjo") then log('GET',ngx.var.request_uri,"-",rule) say_html() return true end end end return false end function url() if UrlDeny then for _,rule in pairs(urlrules) do if rule ~="" and ngxmatch(ngx.var.request_uri,rule,"isjo") then log('GET',ngx.var.request_uri,"-",rule) say_html() return true end end end return false end function ua() local ua = ngx.var.http_user_agent if ua ~= nil then for _,rule in pairs(uarules) do if rule ~="" and ngxmatch(ua,rule,"isjo") then log('UA',ngx.var.request_uri,"-",rule) say_html() return true end end end return false end function body(data) for _,rule in pairs(postrules) do if rule ~="" and data~="" and ngxmatch(unescape(data),rule,"isjo") then log('POST',ngx.var.request_uri,data,rule) say_html() return true end end return false end function cookie() local ck = ngx.var.http_cookie if CookieCheck and ck then for _,rule in pairs(ckrules) do if rule ~="" and ngxmatch(ck,rule,"isjo") then log('Cookie',ngx.var.request_uri,"-",rule) say_html() return true end end end return false end function denycc() if CCDeny then CCcount=tonumber(string.match(CCrate,'(.*)/')) CCseconds=tonumber(string.match(CCrate,'/(.*)')) local token = getRealIp() local limit = ngx.shared.limit local req,_=limit:get(token) if req then if req > CCcount then limit:incr(token,1) ban_ip(req - CCcount) --CC攻击,罚分 ngx.header.content_type = "text/html" ngx.status = ngx.HTTP_FORBIDDEN ngx.say("老哥你手速也忒快了吧,要不休息"..CCcount.."秒?") ngx.exit(ngx.status) return true else limit:incr(token,1) end else limit:set(token,1,CCseconds) end end return false end function get_boundary() local header = get_headers()["content-type"] if not header then return nil end if type(header) == "table" then header = header[1] end local m = match(header, ";%s*boundary=\"([^\"]+)\"") if m then return m end return match(header, ";%s*boundary=([^\",;]+)") end function whiteip() if next(ipWhitelist) ~= nil then for _,ip in pairs(ipWhitelist) do if getClientIp()==ip then return true end end end return false end function blockip() if next(ipBlocklist) ~= nil then for _,ip in pairs(ipBlocklist) do if getClientIp()==ip then ngx.exit(444) return true end end end return false end 代码:waf.lua local content_length=tonumber(ngx.req.get_headers()['content-length']) local method=ngx.req.get_method() local ngxmatch=ngx.re.match if whiteip() then elseif blockip() then elseif whiteurl() then elseif is_ban() then elseif denycc() then elseif ngx.var.http_Acunetix_Aspect then ngx.exit(444) elseif ngx.var.http_X_Scan_Memo then ngx.exit(444) elseif ua() then elseif url() then elseif args() then elseif cookie() then elseif PostCheck then if method=="POST" then local boundary = get_boundary() if boundary then local len = string.len local sock, err = ngx.req.socket() if not sock then return end ngx.req.init_body(128 * 1024) sock:settimeout(0) local content_length = nil content_length=tonumber(ngx.req.get_headers()['content-length']) local chunk_size = 4096 if content_length < chunk_size then chunk_size = content_length end local size = 0 while size < content_length do local data, err, partial = sock:receive(chunk_size) data = data or partial if not data then return end ngx.req.append_body(data) if body(data) then return true end size = size + len(data) local m = ngxmatch(data,[[Content-Disposition: form-data;(.+)filename="(.+)\\.(.*)"]],'ijo') if m then fileExtCheck(m[3]) filetranslate = true else if ngxmatch(data,"Content-Disposition:",'isjo') then filetranslate = false end if filetranslate==false then if body(data) then return true end end end local less = content_length - size if less < chunk_size then chunk_size = less end end ngx.req.finish_body() else ngx.req.read_body() local args = ngx.req.get_post_args() if not args then return end for key, val in pairs(args) do if type(val) == "table" then if type(val[1]) == "boolean" then return end data=table.concat(val, ", ") else data=val end if data and type(data) ~= "boolean" and body(data) then body(key) end end end end else return end
本站优化6:开启nginx的过滤器
最近, … 继续阅读本站优化6:开启nginx的过滤器