Wordpress + nginx + php-fpm网站似乎受到了损害？ nginx（404,502，坏网关）和shell没有功能

have a site which is using wordpress + nginx + php-fpm seems to be hacked, the situations are below :

when it happens when access to website, nginx will show 404 or 502 badgateway. No response from ssh port. there was one time my ssh was still connected and it turns out that nothing can be done (neither shell commands nor system commands).
i re-install the system and found that even my php-fpm wasn't working correctly by adding the following line to fast_cgiparams in nginx configuration `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;, it was also compromised.

I'm suspicious that there is problem with my nginx (because of 2, php-fpm wasn't up but still got hack), could someone provide any suggestions ?

upstream web_cluster {
        server unix:/var/run/php5-fpm-1.sock ;
        server unix:/var/run/php5-fpm-2.sock ;
        server unix:/var/run/php5-fpm-3.sock ;
        server unix:/var/run/php5-fpm-4.sock ;
        server unix:/var/run/php5-fpm-5.sock ;
}

fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache:10m max_size=1024m;

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /www;
        index index.php;

        # Make site accessible from localhost
        server_name localhost;

if ($request_uri ~* "/(wp-admin|wp-login.php)") {
    set $no_cache 1;
}

if ($request_uri ~* "/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*") {
    set $no_cache 1;
}

if ( $arg_add-to-cart != "" ) {
    set $no_cache 1;
}

if ( $cookie_woocommerce_items_in_cart != "0" ) {
    set $no_cache 1;
}

location /web_status {
        stub_status on;
        access_log off;
}

location = /blog {
  rewrite ^ xttp://mysite/ permanent;
}

location /blog/ {
  rewrite ^ xttp://mysite/ permanent;
}

location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
         access_log        off;
         log_not_found     off;
         expires           30d;
}

location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_cache microcache;
                fastcgi_cache_key $scheme$host$request_uri$request_method;
                fastcgi_cache_valid any      1h;
                fastcgi_cache_use_stale updating error timeout invalid_header http_500;
                fastcgi_pass_header Set-Cookie;
                fastcgi_pass_header Cookie;
                fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
                fastcgi_pass web_cluster;
                fastcgi_connect_timeout 60s;
                fastcgi_cache_bypass $no_cache;
                fastcgi_no_cache $no_cache;
#               fastcgi_pass 127.0.0.1:9000;
#               fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
}

        # redirect server error pages to the static page /50x.html
        #
        try_files $uri $uri/ /index.php?q=$uri&$args;

}


# HTTPS server
#
server {
        listen 443;
        listen [::]:443 ipv6only=on;
        server_name localhost;

        root /www;
        index index.php;

        ssl on;
        ssl_certificate /etc/ssl/private/<mysite>_bundle.crt;
        ssl_certificate_key /etc/ssl/private/<mysite>.key;

        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on;

    }
if ($request_uri ~* "/(wp-admin|wp-login.php)") {
    set $no_cache 1;
}

if ($request_uri ~* "/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*") {
    set $no_cache 1;
}

if ( $arg_add-to-cart != "" ) {
    set $no_cache 1;
}

if ( $cookie_woocommerce_items_in_cart != "0" ) {
    set $no_cache 1;
}

location /web_status {
        stub_status on;
        access_log off;
}

location = /blog {
  rewrite ^ xttp://mysite/ permanent;
}

location /blog/ {
  rewrite ^ xttp://mysite/ permanent;
}

location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
         access_log        off;
         log_not_found     off;
         expires           30d;
}

location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_cache microcache;
                fastcgi_cache_key $scheme$host$request_uri$request_method;
                fastcgi_cache_valid any      1h;
                fastcgi_cache_use_stale updating error timeout invalid_header http_500;
                fastcgi_pass_header Set-Cookie;
                fastcgi_pass_header Cookie;
                fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
                fastcgi_pass web_cluster;
                fastcgi_connect_timeout 60s;
                fastcgi_cache_bypass $no_cache;
                fastcgi_no_cache $no_cache;
#               fastcgi_pass 127.0.0.1:9000;
#               fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
}
        try_files $uri $uri/ /index.php?q=$uri&$args;
}

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

报告相同问题？

关注问题

Nginx + PHP-FPM：连接到上游时拒绝连接（502） docker nginx php
2018-01-22 19:33

回答 1 已采纳 Problem could be in the www.conf file. You are listening to 127.0.0.1:9000 but this way from won't
Nginx + PHP-FPM重定向到静态PHP文件 nginx php
2018-05-20 11:48

回答 1 已采纳 The simplest solution would be to hardwire SCRIPT_FILENAME with a value of /app/webroot/index.php
找不到nginx + php5-fpm.sock nginx php
2016-05-24 09:46

回答 3 已采纳 At the end restart the server and it works.
使用Swoole协程一键代理PHP-FPM服务
2020-11-02 20:01

八重樱。的博客一、什么是FastCGI 在Swoole发布的v4.5(RC)版本中，...其实很简单，大家使用PHP-FPM搭建服务的时候必然少不了前面架一个Nginx丶Apache或者IIS之类的东西作为代理，我们应用程序和代理通信的时候，可能会使用各种各样
从Apache转换为Nginx + PHP-FPM后的Wordpress设置 apache nginx php
2014-04-08 17:26

回答 1 已采纳 There is a great article here: http://codex.wordpress.org/Nginx on NGINX configs for Wordpress, he
如何在php-fpm / nginx上停止php脚本执行？ nginx php
2015-11-27 10:35

回答 1 已采纳 So we found out that it's a register_shutdown_function callback that prevents your script from exi
Nginx +重写+ php-fpm =混乱 nginx php
2014-01-27 19:17

回答 1 已采纳 I used above rules outside location segment and it works! I tried viewing my page in different bro
CentOS 6.2编译安装Nginx1.2.0+MySQL5.5.25+PHP5.3.13+博客系统WordPress3.3.2
2012-09-12 09:40

benben_1678的博客说明：操作系统：CentOS 6.2 32位系统安装教程：CentOS 6.2安装(超级详细图解... ...一、配置好IP、DNS 、网关，确保使用远程连接工具能够连接服务器 CentOS 设置IP地址、网关、DNS教程：http://www.osyunwei.
NGINX，将少数本地主机转发到php-fpm nginx php
2017-02-09 13:11

回答 1 已采纳 It may be simpler to create a location block for each PHP root: server { listen 80; root
nginx没有生成任何php-fpm.sock任何人有任何想法为什么？ nginx php
2015-01-26 15:35

回答 2 已采纳 I have solved the issue and figured out why it wasn't creating the socket... I thought I would t
Docker生产准备好php-fpm和nginx配置 docker nginx php
2017-04-25 22:06

回答 2 已采纳 At this time I use smth like: Dockerfile: FROM php:fpm COPY . /var/www/app/ WORKDIR /var/www/app
ansible-playbook基于角色一键交付wordpress+zrlog+phpmyadmin项目
2021-10-10 21:08

万wu皆可爱的博客功能模块:指的是生产使用到的应用软件，比如Nginx、PHP、Haproxy、Keepalived等这类应用服务的安装和管理，每一个功能我们创建一个roles角色来存放，我们把这个目录的集合称之为“功能模块"。 3.业务模块:在功能模块...
nginx php-fpm配置命中儿童限制 nginx php
2017-01-10 15:01

回答 1 已采纳 You may not only take in account the memory usage of PHP but also the concurrent CPU usage. If yo
Nginx WEB从入门到放弃
2024-03-02 17:09

电子取证纯干货的博客搞懂nginx，永远收益
Nginx教程（小白必看，看了必会，不看血亏），
2022-09-13 18:12

云闲不收的博客 Nginx是lgor Sysoev为俄罗斯访问量第二的rambler.ru站点设计开发的。...Nginx的稳定性、功能集、示例配置文件和低系统资源的消耗让他后来居上，在全球活跃的网站中有12.18%的使用比率，大约为2220万个网站。
没有解决我的问题, 去提问

悬赏问题

¥20 易康econgnition精度验证
¥15 线程问题判断多次进入
¥15 msix packaging tool打包问题
¥28 微信小程序开发页面布局没问题，真机调试的时候页面布局就乱了
¥15 python的qt5界面
¥15 无线电能传输系统MATLAB仿真问题
¥50 如何用脚本实现输入法的热键设置
¥20 我想使用一些网络协议或者部分协议也行，主要想实现类似于traceroute的一定步长内的路由拓扑功能
¥30 深度学习，前后端连接
¥15 孟德尔随机化结果不一致

码龄粉丝数原力等级 --

Wordpress + nginx + php-fpm网站似乎受到了损害？ nginx（404,502，坏网关）和shell没有功能

0条回答默认最新

悬赏问题

Wordpress + nginx + php-fpm网站似乎受到了损害？ nginx（404,502，坏网关）和shell没有功能

0条回答 默认 最新

悬赏问题

0条回答默认最新