今天教大家在免费的基础上屏蔽织梦扫描,首先您要安装宝塔面板,然后再安装免费的防火墙插件,我用的是Nginx免费防火墙,然后打开这个插件。
设置一条简单的宝塔面板的正则规则就可以屏蔽织梦的规则扫描,代码如下图
^/(data\/admin|include\/data|include\/helpers|plus|member|templets\/default)/(\w+).(php|txt|dat|jpg|inc|htm|html)$
同样道理,user-agent也可做一下过滤
(GRequests|Firefox/7.0.1|MJ12bot|PhantomJS|ThinkChaos|YisouSpider|YandexBot|HTTrack|libcurl-agent|Go-http-client|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf|bench|AhrefsBot|SemrushBot| SF/)
注意上面这条我是直接编辑的规则,所以前后会有括号和/
再添加一条规则,复制下面的代码,点添加按钮,重新添加一些过滤user-agent的规则
CheckMarkNetwork|Synapse|Nimbostratus-Bot|Dark|scraper|LMAO|Hakai|Gemini|Wappalyzer|masscan|crawler4j|Mappy|Center|eright|aiohttp|MauiBot|Crawler|researchscan|Dispatch|AlphaBot|Census|ips-agent|NetcraftSurveyAgent|ToutiaoSpider|EasyHttp|Iframely|sysscan|fasthttp|muhstik|DeuSu|mstshash|HTTP_Request|ExtLinksBot|package|SafeDNSBot|CPython|SiteExplorer|SSH|MegaIndex|BUbiNG|CCBot|NetTrack|Digincore|aiHitBot|SurdotlyBot|null|Test|Copied|ltx71|Nmap|DotBot|AdsBot|InetURL|Pcore-HTTP|PocketParser|Wotbox|newspaper|DnyzBot|redback|PiplBot|SMTBot|WinHTTP|Auto Spider 1.0|GrabNet|TurnitinBot|Go-Ahead-Got-It|Download Demon|Go!Zilla|GetWeb!|GetRight|libwww-perl|Cliqzbot|MailChimp|SMTBot|Dataprovider|XoviBot|linkdexbot|SeznamBot|Qwantify|spbot|evc-batch|zgrab|Go-http-client|FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|HttpClient|EasouSpider|LinkpadBot|Ezooms
这是我已知的user-agent,请分析网站日志,如果还有其它的,请找我的联系方式,告诉我,分享给我好吗?
替换织梦代码中退出代码包含的if(!defined('DEDEINC')) exit('dedecms');
像下图这样替换就ok,全站代码都要做这样的替换,如果不做替换就有一定风险性。
这步骤其它刚才用免费防火墙已经设置过了,如果您还不放心,请执行下面的操作,就是那几个目录都要改一下名字plus,data,dede,templates。改名方法可以给我留言。
images目录,js目录里,css目录里没用的文件删除一下,别用install程序安装织梦而是直接导入数据库脚本,删除install目录,替换根目录.ico文件,替换images目录下的defaultpic.gif,别安装织梦的扩展插件
这样基本可以在不花钱的基础上防止扫描织梦漏洞的人扫描你的网站。