have a site which is using wordpress + nginx + php-fpm seems to be hacked, the situations are below :
when it happens when access to website, nginx will show 404 or 502 badgateway. No response from ssh port. there was one time my ssh was still connected and it turns out that nothing can be done (neither shell commands nor system commands).
i re-install the system and found that even my php-fpm wasn't working correctly by adding the following line to fast_cgiparams in nginx configuration `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;, it was also compromised.
I'm suspicious that there is problem with my nginx (because of 2, php-fpm wasn't up but still got hack), could someone provide any suggestions ?
upstream web_cluster {
server unix:/var/run/php5-fpm-1.sock ;
server unix:/var/run/php5-fpm-2.sock ;
server unix:/var/run/php5-fpm-3.sock ;
server unix:/var/run/php5-fpm-4.sock ;
server unix:/var/run/php5-fpm-5.sock ;
}
fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache:10m max_size=1024m;
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /www;
index index.php;
# Make site accessible from localhost
server_name localhost;
if ($request_uri ~* "/(wp-admin|wp-login.php)") {
set $no_cache 1;
}
if ($request_uri ~* "/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*") {
set $no_cache 1;
}
if ( $arg_add-to-cart != "" ) {
set $no_cache 1;
}
if ( $cookie_woocommerce_items_in_cart != "0" ) {
set $no_cache 1;
}
location /web_status {
stub_status on;
access_log off;
}
location = /blog {
rewrite ^ xttp://mysite/ permanent;
}
location /blog/ {
rewrite ^ xttp://mysite/ permanent;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 30d;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_cache microcache;
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache_valid any 1h;
fastcgi_cache_use_stale updating error timeout invalid_header http_500;
fastcgi_pass_header Set-Cookie;
fastcgi_pass_header Cookie;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_pass web_cluster;
fastcgi_connect_timeout 60s;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# redirect server error pages to the static page /50x.html
#
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# HTTPS server
#
server {
listen 443;
listen [::]:443 ipv6only=on;
server_name localhost;
root /www;
index index.php;
ssl on;
ssl_certificate /etc/ssl/private/<mysite>_bundle.crt;
ssl_certificate_key /etc/ssl/private/<mysite>.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
}
if ($request_uri ~* "/(wp-admin|wp-login.php)") {
set $no_cache 1;
}
if ($request_uri ~* "/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*") {
set $no_cache 1;
}
if ( $arg_add-to-cart != "" ) {
set $no_cache 1;
}
if ( $cookie_woocommerce_items_in_cart != "0" ) {
set $no_cache 1;
}
location /web_status {
stub_status on;
access_log off;
}
location = /blog {
rewrite ^ xttp://mysite/ permanent;
}
location /blog/ {
rewrite ^ xttp://mysite/ permanent;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 30d;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_cache microcache;
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache_valid any 1h;
fastcgi_cache_use_stale updating error timeout invalid_header http_500;
fastcgi_pass_header Set-Cookie;
fastcgi_pass_header Cookie;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_pass web_cluster;
fastcgi_connect_timeout 60s;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
try_files $uri $uri/ /index.php?q=$uri&$args;
}