One of my clients complained of being attacked. I checked the access logs and found a large number of requests to the administrator login page coming from seemingly random IP addresses. I created a .htaccess file in the /administrator directory and filled it with the following (IP addresses obfuscated):
order deny,allow
deny from all
# my IP address (Apache does not allow comments on the same line as a directive)
allow from 96.xxx.xx.xxx
# my client's IP address
allow from 97.xx.xxx.xxx
I then went to a free proxy server and entered the URL of the admin page. The page did not load any of its resources (images), but it did load the actual page itself.
Joomla! does some SEF handling in the .htaccess file in the DocumentRoot. It looks like this:
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
My guess is that the reason the .htaccess file in the administrator directory does not work has to do with the main Joomla! .htaccess file. Is that true? I tried adding this to my main .htaccess file, but it caused a 500 error:
<Directory /var/www/vhosts/sweathelp.org/httpdocs/administrator>
order deny,allow
deny from all
allow from 96.xxx.xx.xxx
allow from 97.xx.xxx.xxx
</Directory>
How can I effectively block all access to the administrator directory (except for two whitelisted IP addresses)?
Answer 1
Does the actual administrator page (PHP, perhaps?) exist as a file, or is it just generated by something like index.php with a fake directory structure?

To simplify, try something like this (in your main config file, not in .htaccess):
<Location /administrator>
Order deny,allow
Deny from all
Allow from 96.xxx.xx.xxx
Allow from 97.xx.xxx.xxx
</Location>
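As an added example (not part of the question or the answer above), here are the two placements of the same restriction written out in full, with the page's obfuscated IP placeholders kept. Two facts explain the observed behaviour: the `<Directory>` and `<Location>` containers are only permitted in the server configuration or a virtual host, never in .htaccess (which is why pasting a `<Directory>` block into the main .htaccess produced a 500), and on Apache 2.4 the `Order`/`Deny`/`Allow` directives are only understood when mod_access_compat is loaded, the native form being `Require ip`. The `AllowOverride` values named in the comments are the ones each directive family needs when it is placed in .htaccess.

```apache
# Added example; not code from the original question or answer.
# Placement 1: server config or vhost. <Location> matches the URL path,
# so it applies regardless of what the site-root rewrite rules do.

# Apache 2.2 syntax (also accepted by 2.4 when mod_access_compat is loaded).
<Location /administrator>
    Order deny,allow
    Deny from all
    Allow from 96.xxx.xx.xxx
    Allow from 97.xx.xxx.xxx
</Location>

# Apache 2.4 native syntax (mod_authz_core), same effect:
# every client not in the list gets 403.
<Location /administrator>
    Require ip 96.xxx.xx.xxx 97.xx.xxx.xxx
</Location>

# Placement 2: a .htaccess file inside the administrator directory.
# The directory containing it must have AllowOverride Limit (for
# Order/Deny/Allow) or AllowOverride AuthConfig (for Require) in the
# server config; with AllowOverride None the file is ignored entirely.
# No <Directory> or <Location> container may appear in this file.
#
# 2.2 form of the .htaccess:
#     Order deny,allow
#     Deny from all
#     Allow from 96.xxx.xx.xxx
#     Allow from 97.xx.xxx.xxx
#
# 2.4 form of the .htaccess:
#     Require ip 96.xxx.xx.xxx 97.xx.xxx.xxx
```

A quick way to confirm which placement is actually in force is to request /administrator/ from an address outside the list and check that the access log records a 403 rather than a 200; if the admin page still renders, the most common cause is an `AllowOverride` setting that disables .htaccess for that directory, in which case the vhost-level `<Location>` block is the reliable option.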