How to Install the WordPress ModSecurity Rule Set (WPRS)

The WordPress ModSecurity Ruleset (WPRS) was created by AndreaTheMiddle. It is a rule set that extends the well-known OWASP CRS, which is commonly used with the free and open-source ModSecurity 3 WAF. These rules are an excellent choice for anyone running a WordPress installation, since WordPress is well known to be the most attacked, most popular and most widely used CMS.

In the following tutorial, you will learn how to download and install WPRS on your Linux server.

Download WPRS

Locate the directory where your ModSecurity and OWASP core rules are kept. This tutorial uses Ubuntu 20.04; you can adjust the commands to suit your operating system of choice.

cd /etc/nginx/waf

Next, clone WPRS into that directory.

sudo git clone https://github.com/Rev3rseSecurity/wordpress-modsecurity-ruleset.git

Install WPRS with OWASP CRS

As mentioned, WPRS works on top of the OWASP core rules, so you must include the WPRS rule set in your modsecurity.conf:

Include wordpress-modsecurity-ruleset/*.conf

Once you have added this to your file, test your web server configuration to make sure there are no errors, then restart the server so the default rules take effect. Congratulations, you have installed WPRS alongside ModSecurity/OWASP CRS.
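As an added example (not part of the original tutorial or of the WPRS project), the following POSIX shell functions check that the Include line is active and that the clone completed before nginx is reloaded. They assume the layout used above: modsecurity.conf and the cloned wordpress-modsecurity-ruleset/ directory side by side in one WAF directory, with /etc/nginx/waf as the assumed default.

```shell
#!/bin/sh
# Added example: sanity-check a WPRS installation before reloading nginx.
# Assumes the tutorial's layout: modsecurity.conf and the cloned
# wordpress-modsecurity-ruleset/ directory side by side in one WAF directory.

# wprs_check_install WAFDIR
# Returns 0 when modsecurity.conf contains an uncommented WPRS Include line
# and the cloned ruleset (at least 01-SETUP.conf) is present next to it.
wprs_check_install() {
    dir=${1:-/etc/nginx/waf}
    conf="$dir/modsecurity.conf"
    rules="$dir/wordpress-modsecurity-ruleset"

    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }

    # Only an uncommented Include counts; a leading '#' would silently disable WPRS.
    grep -Eq '^[[:space:]]*Include[[:space:]]+wordpress-modsecurity-ruleset/\*\.conf' "$conf" \
        || { echo "no active 'Include wordpress-modsecurity-ruleset/*.conf' in $conf" >&2; return 1; }

    [ -f "$rules/01-SETUP.conf" ] \
        || { echo "$rules/01-SETUP.conf not found: did the git clone complete?" >&2; return 1; }

    n=$(ls "$rules"/*.conf 2>/dev/null | wc -l | tr -d ' ')
    echo "WPRS include OK: $n rule file(s) in $rules"
    return 0
}

# wprs_reload
# Test the nginx configuration first and reload only if it passes, so a typo
# in 01-SETUP.conf never takes the site down.
wprs_reload() {
    command -v nginx >/dev/null 2>&1 || { echo "nginx not in PATH" >&2; return 1; }
    sudo nginx -t && sudo systemctl reload nginx
}
```

Run `wprs_check_install /etc/nginx/waf && wprs_reload` after editing the configuration; the reload step is skipped whenever the check or `nginx -t` fails.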

Configure WPRS

Now you can review the default settings and change the behaviour. The settings you may want to adjust to tune the rule set live in the "01-SETUP.conf" file.

Rule 22000000: Client IP address

For the real client IP address there are three options to choose from; the default, %{REMOTE_ADDR}, is usually the right one. However, if your server sits behind a load balancer or Cloudflare, select that option instead by uncommenting one of the three lines. Use a header-based option only when every request really passes through that proxy; otherwise a client can set X-Forwarded-For itself and the brute-force counters would key on a spoofed address.

Uncomment exactly one of the three option lines:

====DEFAULT====
#SecAction "phase:1,id:22000000,nolog,pass,t:none,setvar:tx.wprs_client_ip=%{REMOTE_ADDR}"

====CLOUDFLARE====
#SecAction "phase:1,id:22000000,nolog,pass,t:none,setvar:tx.wprs_client_ip=%{REQUEST_HEADERS:CF-Connecting-IP}"

====LOAD BALANCER====
#SecAction "phase:1,id:22000000,nolog,pass,t:none,setvar:tx.wprs_client_ip=%{REQUEST_HEADERS:X-Forwarded-For}"

Rule 22000004: Enable/disable brute-force mitigation

The WPRS brute-force mitigation rule is enabled by default and set to 1. Set it to 0 only if it interferes with your web application or conflicts with another security rule.

Uncomment the line and edit it:

====Disabled====

SecAction "id:22000004,phase:1,nolog,pass,t:none,setvar:tx.wprs_check_bruteforce=0"

====Enabled (Recommended)====

SecAction "id:22000004,phase:1,nolog,pass,t:none,setvar:tx.wprs_check_bruteforce=1"

Rule 22000005: Timespan

The "timespan" rule sets the number of seconds over which login attempts on /wp-login.php are counted. The default is 120 seconds (2 minutes); however, I recommend raising this to ten minutes, as in the configuration example.

Uncomment the line and edit it:

SecAction "id:22000005,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_timespan=600"

Rule 22000010: Threshold

The threshold rule decides how many login attempts WPRS accepts within the "timespan" before it blocks the client. The default is "5", which is a good setting, but you can adjust it.

For example, we set the timespan to 600 seconds. If you consider "5" login attempts within that period too many, lower the threshold to "3".

Uncomment the line and edit it:

SecAction "id:22000010,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_threshold=3"

Rule 22000015: Ban period

The ban period is how long a client is blocked after brute-force login attempts are detected. The default is 300 seconds (5 minutes); however, if you are under heavy bot attack, as many WordPress installations are, I would set this higher. We suggest 3600 seconds (1 hour).

Uncomment the line and edit it:

SecAction "id:22000015,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_banperiod=3600"
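To apply the four brute-force settings from rules 22000004 to 22000015 in one go and read back what is actually active, here is an added POSIX shell example (not part of the tutorial or of the WPRS project). It embeds a constructed excerpt that only imitates the layout of the brute-force lines in 01-SETUP.conf for the demo; on a real server, point the functions at the file under your WAF directory. The values it writes (enabled, 600-second window, 3 attempts, 3600-second ban) are the ones recommended above.

```shell
#!/bin/sh
# Added example: read and set the tx.wprs_* brute-force variables in 01-SETUP.conf.
# Only uncommented SecAction lines are considered, so the commented
# "====Disabled====" alternatives present in the file are ignored.

# Constructed excerpt imitating the brute-force lines of 01-SETUP.conf
# (for the demo only; not a copy of the project's file).
WPRS_SAMPLE='# ====Disabled====
#SecAction "id:22000004,phase:1,nolog,pass,t:none,setvar:tx.wprs_check_bruteforce=0"
# ====Enabled (Recommended)====
SecAction "id:22000004,phase:1,nolog,pass,t:none,setvar:tx.wprs_check_bruteforce=1"
SecAction "id:22000005,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_timespan=120"
SecAction "id:22000010,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_threshold=5"
SecAction "id:22000015,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_banperiod=300"
'

# wprs_get FILE VAR: print the numeric value of tx.VAR from the active line.
wprs_get() {
    grep '^[[:space:]]*SecAction' "$1" \
        | sed -n "s/.*setvar:tx\.$2=\([0-9]*\).*/\1/p" | tail -n 1
}

# wprs_set FILE VAR VALUE: rewrite the value on the active line. Goes through a
# temp file so it works with both GNU and BSD sed.
wprs_set() {
    case $3 in *[!0-9]*|'') echo "wprs_set: $2 needs a number" >&2; return 1;; esac
    sed "/^[[:space:]]*SecAction/ s/\(setvar:tx\.$2=\)[0-9]*/\1$3/" "$1" > "$1.tmp" \
        && mv "$1.tmp" "$1"
}

# wprs_apply_recommended FILE: the tuning suggested in the tutorial.
wprs_apply_recommended() {
    wprs_set "$1" wprs_check_bruteforce 1 &&
    wprs_set "$1" wprs_bruteforce_timespan 600 &&
    wprs_set "$1" wprs_bruteforce_threshold 3 &&
    wprs_set "$1" wprs_bruteforce_banperiod 3600
}

# wprs_verify FILE: return 0 if every brute-force variable has exactly one
# active numeric value; otherwise report what is wrong and return 1.
wprs_verify() {
    rc=0
    for v in wprs_check_bruteforce wprs_bruteforce_timespan \
             wprs_bruteforce_threshold wprs_bruteforce_banperiod; do
        n=$(grep -c "^[[:space:]]*SecAction.*setvar:tx\.$v=" "$1" || true)
        val=$(wprs_get "$1" "$v")
        if [ "$n" -ne 1 ] || [ -z "$val" ]; then
            echo "tx.$v: expected one active line, found $n" >&2; rc=1
        else
            echo "tx.$v=$val"
        fi
    done
    return $rc
}

# wprs_demo: run the functions against the constructed sample in a temp file.
wprs_demo() {
    f=$(mktemp)
    printf '%s' "$WPRS_SAMPLE" > "$f"
    wprs_apply_recommended "$f" && wprs_verify "$f"
    rm -f "$f"
}
```

On a live server, `wprs_apply_recommended /etc/nginx/waf/wordpress-modsecurity-ruleset/01-SETUP.conf && wprs_verify /etc/nginx/waf/wordpress-modsecurity-ruleset/01-SETUP.conf` sets and then prints the active values; a variable that appears on two uncommented lines, or on none, is reported so you notice it before reloading nginx.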

Rule 22000020: Log authentications

Event logging for logins on /wp-login.php can be disabled, but keeping the default (enabled) is recommended for security log auditing.

Uncomment the line and edit it:

====Disabled====

SecAction "id:22000020,phase:1,nolog,pass,t:none,setvar:tx.wprs_log_authentications=0"

====Enabled (Recommended)====

SecAction "id:22000020,phase:1,nolog,pass,t:none,setvar:tx.wprs_log_authentications=1"

Rule 22000025: XMLRPC

Rule 22000025 (XMLRPC) lets you enable or disable access to the xmlrpc.php script. Many WordPress users do not need this feature but leave it enabled without realising it, which opens an attack vector.

An exposed xmlrpc.php is the second most actively targeted WordPress endpoint after /wp-login.php. So it is recommended to disable it if you do not need this WordPress feature.

Uncomment the line and edit it:

====Disabled (Recommended)====

SecAction "id:22000025,phase:1,nolog,pass,t:none,setvar:tx.wprs_allow_xmlrpc=0"

====Enabled====

SecAction "id:22000025,phase:1,nolog,pass,t:none,setvar:tx.wprs_allow_xmlrpc=1"

Rule 22000030: User enumeration

The user enumeration rule can allow or block requests such as "/?author=1". Attackers commonly use the author parameter to enumerate usernames, so it should be treated as disabled unless you need it.

Uncomment the line and edit it:

====Disabled (Recommended)====

SecAction "id:22000030,phase:1,nolog,pass,t:none,setvar:tx.wprs_allow_user_enumeration=0"

====Enabled====

SecAction "id:22000030,phase:1,nolog,pass,t:none,setvar:tx.wprs_allow_user_enumeration=1"

Rule 22000035: DoS mitigation

When enabled, this rule checks for DoS attacks against your WordPress website and blocks attacks such as CVE-2018-6389. Attackers who find a site vulnerable to that CVE can exhaust its resources, as happened with the exploit against WordPress 4.9.2.

Uncomment the line and edit it:

====Disabled====

SecAction "id:22000035,phase:1,nolog,pass,t:none,setvar:tx.wprs_check_dos=0"

====Enabled (Recommended)====

SecAction "id:22000035,phase:1,nolog,pass,t:none,setvar:tx.wprs_check_dos=1"

Closing Thoughts

The WordPress ModSecurity Ruleset comes with some great additional rule options that add that extra bit of security to WordPress. It works well with the OWASP rule set and should not give you any trouble with the combination of rules you configure in the two sets. Many plugins in the WordPress store do what WPRS does; however, because it runs in ModSecurity, it sits in front of your web server instead of reacting to attacks inside WordPress as a plugin does. Overall, it is the better option to use.
