我有一个论坛/群组网站,其中包含大量外部 URL,有时是直接下载链接。我想保护我的访问者免受恶意软件网站的可能攻击,因为他们很可能会点击这些链接。目前我实施了 DBL (spamhaus),但这还不够。我想先运行后台任务来检查传出链接。我在 StackOverflow(错误地发布在那里)和这里查看了类似的问题,但找不到与我的问题相同的问题或好的答案。
人们建议使用 ClamAV,但我认为它无法检测出托管恶意软件的网站,而且有很多漏检。我查看了谷歌安全浏览服务(http://code.google.com/apis/safebrowsing/developers_guide_v2.html),但它实施和维护起来非常复杂,我看到一半就迷失了 :S
我可以寻求商业解决方案,任何可以保护访问者和我的网站品牌的东西。但我想听听服务器管理员的意见,以及是否有人实施了这样的服务。
我的服务器是基本的 CentOS LAMP 堆栈。
提前谢谢您。
答案1
我在 crontab 脚本中使用 3 或 4 个外部站点检查服务。这是用我惯用的语言 (tcsh) 编写的,但可以轻松转换为 bash/sh。
我每天运行一次。
可能比较困难的部分是整理您链接到的外部网站的列表。
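#!/bin/tcsh -f
# Simplistic after-the-fact check of whether the sites we link to are flagged
# as malware-related by several public reputation services.
# Mon Sep 20 18:52:15 GMT 2010, dianevm at gmail.com
# Happened once when some bogus advert networks were used for 48 hours :-(
#
# For every host in SITES2CHECK the script dumps each service's report page
# with links(1) and greps the dump for that service's "clean" (or "not yet
# tested") wording. Anything else -- including an empty dump after a failed
# fetch, or a page whose wording has changed -- is handed to ~/malwarefail
# together with the dump file.
#
# NOTE(review): a "not tested" / "not rated" answer is treated as ok, so a
#   host that none of the services has seen yet passes silently.
# NOTE(review): the reports are fetched over plain http://, so the verdict
#   text is not integrity-protected in transit; prefer https:// where the
#   service offers it -- confirm per service before changing the URLs.
# NOTE(review): the verdict is a match on human-readable page text; review the
#   patterns whenever a service starts alerting for every host at once.

setenv TZ CST6CDT
set LINKS="links -no-references -no-numbering -dump-width 120 -dump "

# Scratch file for the page dumps. Created with mktemp(1) rather than a
# PID-based name: a predictable path in world-writable /tmp can be pre-created
# or symlinked by another local user before this cron job writes to it.
set TMPF=`mktemp /tmp/.malware.dmp.XXXXXX`
if ( "$TMPF" == "" ) then
    echo "cannot create temporary file"
    exit 1
endif
# Remove the scratch file if the run is interrupted.
onintr cleanup

#alias DBG 'echo -n DEBUG:; set PAUSE=$<'
alias DBG 'echo -n " "'
set NOW=`date +%T`
# OKOUT <word>: print the word padded to 8 columns followed by the current time.
alias OKOUT 'set NOW=`date +%T`;printf %-8s \!*;echo " $NOW"'

# Hosts to check; left unquoted in the foreach so it splits into words.
set SITES2CHECK="toplevel.com external2.com varioussite3.com etc.com"

foreach i ( $SITES2CHECK )
    echo ___ $i ___

    # --- Google Safe Browsing diagnostic page ---
    printf %-20s GOOGLE
    $LINKS "http://www.google.com/safebrowsing/diagnostic?site=$i" >! "$TMPF"
    set GOOGLEOK=`grep -c 'This site is not currently listed as suspicious' "$TMPF"`
    if ( "$GOOGLEOK" == "1" ) then
        OKOUT ok
    else
        tcsh ~/malwarefail "$i" GOOGLE "$TMPF"
    endif

    # --- SiteAdvisor: "clean" or "not tested yet" both count as ok ---
    printf %-20s SiteAdvisor
    $LINKS "http://www.siteadvisor.com/sites/$i" >! "$TMPF"
    set SITEADVOK=`grep -c 'tested this site and didn.t find any significant problems.' "$TMPF"`
    set SITEADVUNKNOWN=`grep -c 'we haven.t tested this one yet.' "$TMPF"`
    if ( "$SITEADVOK" == "1" || "$SITEADVUNKNOWN" == "1" ) then
        OKOUT ok
    else
        tcsh ~/malwarefail "$i" SITEADV "$TMPF"
    endif

    # --- Norton Safe Web: "no issues" or "not been tested yet" count as ok ---
    printf %-20s Norton
    $LINKS "http://safeweb.norton.com/report/show?url=$i" >! "$TMPF"
    set NORTONOK=`grep -c 'Norton Safe Web found no issues with this site' "$TMPF"`
    set NORTONUNKNOWN=`grep -c ' This site has not been tested yet' "$TMPF"`
    if ( "$NORTONOK" == "1" || "$NORTONUNKNOWN" == "1" ) then
        OKOUT ok
    else
        tcsh ~/malwarefail "$i" NORTON "$TMPF"
    endif

    # --- Browser Defender: "no dangerous downloads" or "Not yet rated" ---
    printf %-20s BRWSDEFNDR
    $LINKS "http://www.browserdefender.com/site/$i/" >! "$TMPF"
    set BRWSDEFNDROK=`grep -c 'Our testing of this site found no dangerous downloads' "$TMPF"`
    # 'Not yet rated' appears twice on the page, so cap the count at one line.
    set BRWSDEFNDRUNKNOWN=`grep 'Not yet rated' "$TMPF" | head -1 | wc -l`
    if ( "$BRWSDEFNDROK" == "1" || "$BRWSDEFNDRUNKNOWN" == "1" ) then
        OKOUT ok
    else
        tcsh ~/malwarefail "$i" BRWSDEFNDR "$TMPF"
    endif
end

cleanup:
# Reached on normal completion and via onintr. Assumes malwarefail has read the
# dump before it returns (it is run in the foreground) -- confirm.
rm -f "$TMPF"

## note malwarefail just emails people the output of the dump files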