A guide to defending a WordPress site against attacks with Baota panel (宝塔面板) nginx configuration

Laobai Blog (老白博客, @老白) earlier shared an article on how the 17ce speed-test site can be used to attack small WordPress sites, but never got around to writing the matching defence tutorial. Today I will share two ways of defending a WordPress site: the first adds an IP blacklist in the Baota panel nginx firewall, the second changes the server's nginx configuration. Besides fending off traffic from 17ce and similar speed-test sites, the second approach also blocks SQL injection and XSS attempts.


Preface

The 17ce speed-test site (https://www.17ce.com/) is a website speed-testing service for webmasters: it shows how a site loads from different regions of China and from around the world, and to do that it runs a large number of test servers worldwide. When all of those servers hit a small site at the same time, the load on the site's server rises. Normally this matters little for a small site, but someone with ill intent can abuse 17ce to drive a small site's server to 100% load, and even take a large forum's server down. So whether you run a small personal site or a large forum, defending against 17ce-based attacks and raising your site's security posture is well worth doing.

Adding an IP blacklist in the nginx firewall

Basic idea: add the IP addresses of the 17ce test servers (and those of similar speed-test sites) to the IP blacklist so they are denied access. Drawback: the IP addresses may change at any time. I covered the Baota panel nginx firewall before, but Baota has since withdrawn its free firewall and replaced it with a paid plugin.

No need to worry, though: "明国三年一场雨" has released a new, completely free Baota panel nginx firewall plugin whose features resemble those of the old free one:

https://www.bt.cn/bbs/thread-39649-1-1.html

1. Open the free nginx firewall and click Global settings (全局配置).

2. Choose IP blacklist (ip黑名单).

3. Add the IPs below (this is the Baota panel's own blacklist format, in which every entry is a [start, end] pair; list current as of 2020-07-25):

[
[[47,90,98,206],[47,90,98,206]],
[[120,239,81,196],[120,239,81,196]],
[[103,246,10,75],[103,246,10,75]],
[[112,118,170,196],[112,118,170,196]],
[[61,172,243,6],[61,172,243,6]],
[[120,85,94,98],[120,85,94,98]],
[[125,31,23,243],[125,31,23,243]],
[[120,197,165,86],[120,197,165,86]],
[[112,123,159,2],[112,123,159,2]],
[[183,134,218,148],[183,134,218,148]],
[[14,17,114,193],[14,17,114,193]],
[[183,2,247,137],[183,2,247,137]],
[[36,148,125,40],[36,148,125,40]],
[[162,219,32,82],[162,219,32,82]],
[[117,166,67,105],[117,166,67,105]],
[[122,226,181,86],[122,226,181,86]],
[[43,225,181,22],[43,225,181,22]],
[[223,198,133,107],[223,198,133,107]],
[[218,29,128,229],[218,29,128,229]],
[[219,138,163,114],[219,138,163,114]],
[[36,250,94,218],[36,250,94,218]],
[[180,162,166,149],[180,162,166,149]],
[[61,54,25,100],[61,54,25,100]],
[[39,177,152,208],[39,177,152,208]],
[[122,193,54,180],[122,193,54,180]],
[[180,140,11,182],[180,140,11,182]],
[[112,32,206,126],[112,32,206,126]],
[[111,19,132,243],[111,19,132,243]],
[[180,97,195,70],[180,97,195,70]],
[[123,147,79,106],[123,147,79,106]],
[[117,183,111,174],[117,183,111,174]],
[[222,217,213,201],[222,217,213,201]],
[[140,240,62,194],[140,240,62,194]],
[[223,111,161,228],[223,111,161,228]],
[[58,19,228,123],[58,19,228,123]],
[[119,36,8,210],[119,36,8,210]],
[[112,32,180,60],[112,32,180,60]],
[[110,185,54,252],[110,185,54,252]],
[[123,127,77,124],[123,127,77,124]],
[[110,229,45,7],[110,229,45,7]],
[[112,47,217,56],[112,47,217,56]],
[[60,26,215,203],[60,26,215,203]],
[[120,242,166,72],[120,242,166,72]],
[[36,155,93,20],[36,155,93,20]],
[[117,181,57,154],[117,181,57,154]],
[[114,251,216,139],[114,251,216,139]],
[[61,174,253,11],[61,174,253,11]],
[[171,34,222,206],[171,34,222,206]],
[[218,68,229,40],[218,68,229,40]],
[[117,27,142,38],[117,27,142,38]],
[[119,188,249,195],[119,188,249,195]],
[[111,19,77,147],[111,19,77,147]],
[[153,36,240,125],[153,36,240,125]],
[[14,204,180,116],[14,204,180,116]],
[[36,231,205,193],[36,231,205,193]],
[[124,163,211,132],[124,163,211,132]],
[[112,123,109,128],[112,123,109,128]],
[[113,18,195,25],[113,18,195,25]],
[[222,129,59,128],[222,129,59,128]],
[[182,90,201,49],[182,90,201,49]],
[[182,117,126,235],[182,117,126,235]],
[[60,9,4,3],[60,9,4,3]],
[[120,192,38,196],[120,192,38,196]],
[[39,104,24,18],[39,104,24,18]],
[[42,236,211,72],[42,236,211,72]],
[[112,50,67,158],[112,50,67,158]],
[[119,181,139,40],[119,181,139,40]],
[[61,132,226,210],[61,132,226,210]],
[[116,255,133,152],[116,255,133,152]],
[[59,63,224,178],[59,63,224,178]],
[[103,235,226,133],[103,235,226,133]],
[[119,181,139,55],[119,181,139,55]],
[[171,37,86,62],[171,37,86,62]],
[[58,22,1,21],[58,22,1,21]],
[[122,118,214,164],[122,118,214,164]],
[[221,12,127,75],[221,12,127,75]],
[[218,201,242,50],[218,201,242,50]],
[[42,86,98,3],[42,86,98,3]],
[[124,236,95,79],[124,236,95,79]],
[[117,183,196,97],[117,183,196,97]],
[[117,27,142,37],[117,27,142,37]],
[[115,218,213,223],[115,218,213,223]],
[[120,235,192,204],[120,235,192,204]],
[[119,85,163,231],[119,85,163,231]],
[[124,126,212,104],[124,126,212,104]],
[[183,199,133,51],[183,199,133,51]],
[[223,242,176,127],[223,242,176,127]],
[[120,201,2,181],[120,201,2,181]],
[[113,6,248,37],[113,6,248,37]],
[[60,222,193,17],[60,222,193,17]],
[[112,38,193,170],[112,38,193,170]],
[[112,64,1,69],[112,64,1,69]],
[[111,29,90,205],[111,29,90,205]],
[[60,223,115,7],[60,223,115,7]],
[[124,236,58,147],[124,236,58,147]],
[[183,226,69,171],[183,226,69,171]],
[[113,58,15,137],[113,58,15,137]],
[[220,202,200,152],[220,202,200,152]],
[[112,54,25,185],[112,54,25,185]],
[[58,16,138,106],[58,16,138,106]],
[[61,150,69,77],[61,150,69,77]],
[[14,111,54,141],[14,111,54,141]],
[[58,21,118,155],[58,21,118,155]],
[[27,13,165,40],[27,13,165,40]],
[[36,49,31,231],[36,49,31,231]],
[[101,206,62,62],[101,206,62,62]],
[[39,104,56,16],[39,104,56,16]],
[[1,81,7,229],[1,81,7,229]],
[[123,181,86,235],[123,181,86,235]],
[[111,34,92,113],[111,34,92,113]],
[[36,33,203,132],[36,33,203,132]],
[[113,6,248,38],[113,6,248,38]],
[[222,34,49,20],[222,34,49,20]],
[[36,103,227,235],[36,103,227,235]],
[[223,11,143,37],[223,11,143,37]],
[[39,158,142,108],[39,158,142,108]],
[[222,163,115,137],[222,163,115,137]],
[[223,95,183,152],[223,95,183,152]],
[[123,160,10,234],[123,160,10,234]],
[[121,206,166,43],[121,206,166,43]],
[[183,225,202,67],[183,225,202,67]],
[[122,115,226,201],[122,115,226,201]],
[[106,5,235,216],[106,5,235,216]],
[[111,26,40,211],[111,26,40,211]],
[[61,160,200,66],[61,160,200,66]],
[[39,154,128,150],[39,154,128,150]],
[[14,204,161,104],[14,204,161,104]],
[[222,169,54,30],[222,169,54,30]],
[[36,148,68,173],[36,148,68,173]],
[[42,63,48,93],[42,63,48,93]],
[[60,15,210,207],[60,15,210,207]],
[[123,161,150,190],[123,161,150,190]],
[[180,130,236,61],[180,130,236,61]],
[[139,9,227,242],[139,9,227,242]],
[[42,122,137,249],[42,122,137,249]],
[[14,134,76,127],[14,134,76,127]],
[[42,91,157,177],[42,91,157,177]],
[[223,198,148,4],[223,198,148,4]],
[[112,101,100,57],[112,101,100,57]],
[[221,199,37,35],[221,199,37,35]],
[[117,179,160,50],[117,179,160,50]],
[[59,63,203,138],[59,63,203,138]],
[[111,25,84,195],[111,25,84,195]],
[[39,154,166,215],[39,154,166,215]],
[[36,157,225,239],[36,157,225,239]],
[[36,148,68,205],[36,148,68,205]],
[[112,103,213,87],[112,103,213,87]],
[[223,221,37,112],[223,221,37,112]],
[[223,95,57,79],[223,95,57,79]],
[[59,47,37,58],[59,47,37,58]],
[[118,180,52,69],[118,180,52,69]],
[[117,188,36,60],[117,188,36,60]],
[[117,157,39,244],[117,157,39,244]],
[[223,9,11,229],[223,9,11,229]],
[[111,44,183,215],[111,44,183,215]],
[[111,30,237,161],[111,30,237,161]],
[[111,44,130,215],[111,44,130,215]],
[[120,211,142,41],[120,211,142,41]],
[[182,200,61,61],[182,200,61,61]],
[[117,157,203,21],[117,157,203,21]],
[[113,138,171,130],[113,138,171,130]],
[[111,26,40,230],[111,26,40,230]],
[[101,249,10,13],[101,249,10,13]],
[[112,44,139,100],[112,44,139,100]],
[[211,93,1,10],[211,93,1,10]],
[[183,198,123,108],[183,198,123,108]],
[[101,249,67,235],[101,249,67,235]],
[[36,107,229,198],[36,107,229,198]],
[[124,118,241,76],[124,118,241,76]],
[[36,188,244,11],[36,188,244,11]],
[[112,209,113,7],[112,209,113,7]],
[[222,80,203,11],[222,80,203,11]],
[[36,162,179,250],[36,162,179,250]],
[[120,69,45,81],[120,69,45,81]],
[[183,195,86,231],[183,195,86,231]],
[[117,179,80,102],[117,179,80,102]],
[[23,236,103,210],[23,236,103,210]],
[[183,206,78,95],[183,206,78,95]],
[[223,116,178,79],[223,116,178,79]],
[[122,97,220,88],[122,97,220,88]],
[[111,44,237,187],[111,44,237,187]],
[[114,236,137,244],[114,236,137,244]],
[[223,104,178,167],[223,104,178,167]],
[[111,49,9,179],[111,49,9,179]],
[[59,102,125,14],[59,102,125,14]],
[[123,139,159,98],[123,139,159,98]],
[[36,113,98,61],[36,113,98,61]],
[[210,47,163,73],[210,47,163,73]],
[[223,128,111,60],[223,128,111,60]],
[[120,227,136,39],[120,227,136,39]],
[[113,210,69,1],[113,210,69,1]],
[[219,219,12,98],[219,219,12,98]],
[[113,210,59,116],[113,210,59,116]],
[[41,60,100,56],[41,60,100,56]],
[[221,234,40,20],[221,234,40,20]],
[[183,63,47,223],[183,63,47,223]],
[[42,122,172,212],[42,122,172,212]],
[[117,152,241,26],[117,152,241,26]],
[[59,53,95,157],[59,53,95,157]],
[[124,238,65,22],[124,238,65,22]],
[[1,25,46,149],[1,25,46,149]],
[[117,176,185,93],[117,176,185,93]],
[[223,104,178,185],[223,104,178,185]],
[[106,115,176,220],[106,115,176,220]],
[[192,225,226,164],[192,225,226,164]],
[[116,98,26,171],[116,98,26,171]],
[[124,244,129,92],[124,244,129,92]],
[[106,58,168,215],[106,58,168,215]],
[[223,88,252,181],[223,88,252,181]],
[[27,36,131,248],[27,36,131,248]],
[[183,254,238,177],[183,254,238,177]],
[[61,153,111,130],[61,153,111,130]],
[[58,20,145,28],[58,20,145,28]],
[[122,226,182,198],[122,226,182,198]],
[[116,1,31,170],[116,1,31,170]],
[[120,85,94,128],[120,85,94,128]],
[[223,166,144,225],[223,166,144,225]],
[[58,16,47,196],[58,16,47,196]],
[[58,53,128,194],[58,53,128,194]],
[[171,34,176,210],[171,34,176,210]],
[[171,34,216,135],[171,34,216,135]],
[[58,22,0,222],[58,22,0,222]],
[[27,37,52,12],[27,37,52,12]],
[[36,250,169,105],[36,250,169,105]],
[[183,254,79,208],[183,254,79,208]],
[[119,36,30,15],[119,36,30,15]],
[[125,37,191,92],[125,37,191,92]],
[[223,73,43,199],[223,73,43,199]],
[[223,198,48,205],[223,198,48,205]],
[[175,181,157,121],[175,181,157,121]],
[[118,161,149,155],[118,161,149,155]],
[[171,37,85,128],[171,37,85,128]],
[[117,188,209,235],[117,188,209,235]],
[[171,35,156,47],[171,35,156,47]],
[[27,50,165,37],[27,50,165,37]],
[[183,195,84,158],[183,195,84,158]],
[[122,191,239,110],[122,191,239,110]],
[[223,198,65,60],[223,198,65,60]],
[[111,58,253,97],[111,58,253,97]],
[[120,242,244,15],[120,242,244,15]],
[[120,242,156,11],[120,242,156,11]],
[[113,205,158,18],[113,205,158,18]],
[[113,94,25,230],[113,94,25,230]],
[[112,50,71,213],[112,50,71,213]],
[[116,171,248,32],[116,171,248,32]],
[[180,136,100,177],[180,136,100,177]],
[[223,150,124,19],[223,150,124,19]],
[[59,63,204,146],[59,63,204,146]],
[[120,202,149,39],[120,202,149,39]],
[[180,123,215,140],[180,123,215,140]],
[[112,49,154,44],[112,49,154,44]],
[[27,155,235,232],[27,155,235,232]],
[[60,25,10,219],[60,25,10,219]],
[[223,91,32,1],[223,91,32,1]],
[[175,155,250,51],[175,155,250,51]],
[[221,193,57,217],[221,193,57,217]],
[[120,239,158,101],[120,239,158,101]],
[[183,199,195,86],[183,199,195,86]],
[[36,148,77,125],[36,148,77,125]],
[[116,177,5,12],[116,177,5,12]],
[[171,44,109,27],[171,44,109,27]],
[[106,47,4,121],[106,47,4,121]],
[[183,199,124,155],[183,199,124,155]],
[[60,27,193,212],[60,27,193,212]],
[[125,68,94,139],[125,68,94,139]],
[[182,246,160,71],[182,246,160,71]],
[[182,90,207,26],[182,90,207,26]],
[[117,166,110,227],[117,166,110,227]],
[[114,104,69,107],[114,104,69,107]],
[[106,87,10,177],[106,87,10,177]],
[[120,43,202,84],[120,43,202,84]],
[[111,121,82,23],[111,121,82,23]],
[[112,12,48,9],[112,12,48,9]],
[[183,228,24,47],[183,228,24,47]],
[[182,54,49,253],[182,54,49,253]],
[[112,13,92,120],[112,13,92,120]],
[[39,162,224,127],[39,162,224,127]],
[[111,18,72,22],[111,18,72,22]],
[[117,188,230,12],[117,188,230,12]],
[[120,243,155,169],[120,243,155,169]],
[[222,163,114,62],[222,163,114,62]],
[[122,115,226,162],[122,115,226,162]],
[[117,157,217,228],[117,157,217,228]],
[[14,205,140,71],[14,205,140,71]],
[[112,194,104,1],[112,194,104,1]],
[[110,180,255,249],[110,180,255,249]],
[[111,50,51,84],[111,50,51,84]],
[[112,42,216,36],[112,42,216,36]],
[[182,241,54,52],[182,241,54,52]],
[[111,50,238,4],[111,50,238,4]],
[[120,8,26,167],[120,8,26,167]],
[[111,25,67,223],[111,25,67,223]],
[[1,27,76,198],[1,27,76,198]],
[[1,58,142,103],[1,58,142,103]],
[[123,185,11,189],[123,185,11,189]],
[[112,116,209,24],[112,116,209,24]],
[[222,140,21,93],[222,140,21,93]],
[[123,139,159,125],[123,139,159,125]],
[[112,98,238,54],[112,98,238,54]],
[[42,88,179,174],[42,88,179,174]],
[[123,139,159,122],[123,139,159,122]],
[[183,202,148,29],[183,202,148,29]],
[[183,227,122,49],[183,227,122,49]],
[[117,179,70,154],[117,179,70,154]],
[[183,225,65,53],[183,225,65,53]],
[[124,88,168,242],[124,88,168,242]],
[[36,48,4,149],[36,48,4,149]],
[[175,155,255,20],[175,155,255,20]],
[[183,202,37,191],[183,202,37,191]],
[[59,45,115,27],[59,45,115,27]],
[[175,30,228,28],[175,30,228,28]],
[[223,116,146,20],[223,116,146,20]],
[[117,181,117,174],[117,181,117,174]],
[[223,104,178,177],[223,104,178,177]],
[[223,104,178,171],[223,104,178,171]],
[[115,132,179,234],[115,132,179,234]],
[[117,132,194,249],[117,132,194,249]],
[[218,84,24,87],[218,84,24,87]],
[[223,104,178,165],[223,104,178,165]],
[[36,102,238,154],[36,102,238,154]],
[[117,132,192,186],[117,132,192,186]],
[[45,43,31,5],[45,43,31,5]],
[[115,164,173,105],[115,164,173,105]],
[[124,67,21,79],[124,67,21,79]],
[[14,205,142,45],[14,205,142,45]],
[[223,128,127,209],[223,128,127,209]],
[[98,126,104,93],[98,126,104,93]],
[[61,160,200,31],[61,160,200,31]],
[[113,222,69,78],[113,222,69,78]],
[[112,42,71,36],[112,42,71,36]],
[[119,119,245,79],[119,119,245,79]],
[[36,102,210,45],[36,102,210,45]],
[[39,154,5,205],[39,154,5,205]],
[[42,236,10,78],[42,236,10,78]],
[[42,236,10,84],[42,236,10,84]],
[[101,89,29,92],[101,89,29,92]],
[[180,163,220,4],[180,163,220,4]]
]
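The Baota blacklist above stores each entry as a start/end pair of octet arrays, which is tedious to produce by hand from a plain list of addresses. The script below is an added example (not code from this post, from Baota or from the plugin) that converts single IPs or CIDR ranges into that format and, for servers that do not use the firewall plugin, renders the same list as nginx `deny` directives. It goes a little beyond the post by also handling ranges that do not align to a CIDR boundary. The sample addresses are constructed for the demo: two entries taken from the list above plus the documentation range 203.0.113.0/24 standing in for a whole test-node subnet.

```python
"""Convert an IP blocklist between the Baota (宝塔) nginx-firewall format and
plain nginx `deny` directives.

Added example for this post; not code from the post, Baota or the plugin.
The plugin stores each blacklist entry as a [start, end] pair of octet arrays,
e.g. [[47,90,98,206],[47,90,98,206]] for a single address.  SAMPLE_PLAIN is
constructed for the demo: two addresses from the post's list plus a
documentation range (203.0.113.0/24) standing in for a test-node subnet."""
import ipaddress
import json

# Constructed sample input: single IPv4 addresses and CIDR networks.
SAMPLE_PLAIN = ["47.90.98.206", "120.239.81.196", "203.0.113.0/24"]


def _octets(addr):
    """'47.90.98.206' -> [47, 90, 98, 206]"""
    return [int(o) for o in str(addr).split(".")]


def plain_to_baota(entries):
    """Turn single IPs / CIDR networks into Baota [[start],[end]] pairs."""
    pairs = []
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if net.version != 4:
            raise ValueError("Baota's octet format only holds IPv4: %s" % entry)
        pairs.append([_octets(net.network_address), _octets(net.broadcast_address)])
    return pairs


def baota_to_networks(pairs):
    """Collapse Baota start/end pairs into the smallest set of CIDR networks.
    A range that is not CIDR-aligned (e.g. .1 to .4) becomes several networks."""
    nets = []
    for start, end in pairs:
        first = ipaddress.IPv4Address(".".join(map(str, start)))
        last = ipaddress.IPv4Address(".".join(map(str, end)))
        if last < first:
            raise ValueError("range end before start: %s-%s" % (first, last))
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))


def to_nginx_deny(pairs):
    """Render the same blocklist as nginx `deny` lines, for servers without
    the firewall plugin (include the output inside the server block)."""
    lines = []
    for net in baota_to_networks(pairs):
        target = str(net.network_address) if net.prefixlen == 32 else str(net)
        lines.append("deny %s;" % target)
    return "\n".join(lines)


if __name__ == "__main__":
    pairs = plain_to_baota(SAMPLE_PLAIN)
    print(json.dumps(pairs, separators=(",", ":")))  # paste into the plugin's blacklist box
    print(to_nginx_deny(pairs))                       # or use plain nginx deny directives
```

In practice you would read the address list from a file rather than from `SAMPLE_PLAIN`; the `deny` output is meant to be saved as a separate file and pulled into the site's server block with `include`, so the list can be refreshed without editing the main configuration.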

Changing the Baota panel nginx configuration: blocking SQL injection and XSS

I will not explain the configuration (my skill is limited and I cannot explain it); just copy the code below into the Baota panel under Website (网站管理) → Config file (配置文件), placing it right below the `server {` line (inside the server block).

Code (goes into the site config file, below `server {`):


# After pasting, run `nginx -t` to check the syntax before reloading nginx.
if ($request_method !~* "^(GET|POST)$") { return 444; }
# Status 444 makes nginx close the connection without sending a response, which further reduces server load: www.xcbtmw.com
# Block SQL injection: Laobai Blog
# Note: $query_string is matched as received (still percent-encoded), so this rule sees %27 rather than a bare quote.
if ($query_string ~* (\$|'|--|[+|(%20)]union[+|(%20)]|[+|(%20)]insert[+|(%20)]|[+|(%20)]drop[+|(%20)]|[+|(%20)]truncate[+|(%20)]|[+|(%20)]update[+|(%20)]|[+|(%20)]from[+|(%20)]|[+|(%20)]grant[+|(%20)]|[+|(%20)]exec[+|(%20)]|[+|(%20)]where[+|(%20)]|[+|(%20)]select[+|(%20)]|[+|(%20)]and[+|(%20)]|[+|(%20)]or[+|(%20)]|[+|(%20)]count[+|(%20)]|[+|(%20)]exec[+|(%20)]|[+|(%20)]chr[+|(%20)]|[+|(%20)]mid[+|(%20)]|[+|(%20)]like[+|(%20)]|[+|(%20)]iframe[+|(%20)]|[<|%3c]script[>|%3e]|javascript|alert|webscan|dbappsecurity|style|confirm\(|innerhtml|innertext)(.*)$) { return 555; }
# Paths under /~user, and paths containing \x hex escapes (the \\ is written unquoted so that PCRE receives a literal backslash)
if ($uri ~* (/~).*) { return 501; }
if ($uri ~* (\\x.)) { return 501; }
# Block SQL injection
if ($query_string ~* "[;'<>].*") { return 509; }
if ($request_uri ~ " ") { return 509; }
# Dot-files (a path segment starting with ".") and "../" traversal
if ($request_uri ~ (/\.+)) { return 509; }
if ($request_uri ~ (\.+/)) { return 509; }

#if ($uri ~* "(insert|select|delete|update|count|master|truncate|declare|exec|\*|')(.*)$") { return 503; }
# Block SQL injection
# The " and " / " or " rules below also match ordinary search phrases such as ?s=cats+and+dogs; trim them if that matters for your site.
if ($request_uri ~* "(cost\(\)|concat\()") { return 504; }
if ($request_uri ~* "[+|(%20)]union[+|(%20)]") { return 504; }
if ($request_uri ~* "[+|(%20)]and[+|(%20)]") { return 504; }
if ($request_uri ~* "[+|(%20)]select[+|(%20)]") { return 504; }
if ($request_uri ~* "[+|(%20)]or[+|(%20)]") { return 504; }
if ($request_uri ~* "[+|(%20)]delete[+|(%20)]") { return 504; }
if ($request_uri ~* "[+|(%20)]update[+|(%20)]") { return 504; }
if ($request_uri ~* "[+|(%20)]insert[+|(%20)]") { return 504; }
# Script tags, PHP superglobal tampering, /proc reads and base64 payloads in the query string
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { return 505; }
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { return 505; }
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { return 505; }
if ($query_string ~ "proc/self/environ") { return 505; }
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { return 505; }
if ($query_string ~ "base64_(en|de)code\(.*\)") { return 505; }
# Remote-file-inclusion and directory-traversal patterns in parameter values
if ($query_string ~ "[a-zA-Z0-9_]=http://") { return 506; }
if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") { return 506; }
if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { return 506; }
# Spam keywords (\b is a word boundary, so the word inside a longer word is not matched)
if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") { return 507; }
if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") { return 507; }
if ($query_string ~ "\b(ambien|bluespill|cialis|cocaine|ejaculation|erectile)\b") { return 507; }
if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") { return 507; }
# Add to or trim the checks above to suit your own site. Blocking cURL and wget outright is a bit extreme, but "better to wrongly block a thousand than let one through".
if ($http_user_agent ~* "YisouSpider|ApacheBench|WebBench|Jmeter|JoeDog|Havij|GetRight|TurnitinBot|GrabNet|masscan|mail2000|github|wget|curl|Java|python") { return 508; }
# As above: add or remove the user-agent blocks below according to your own site.
if ($http_user_agent ~* "Go-Ahead-Got-It") { return 508; }
if ($http_user_agent ~* "GetWeb!") { return 508; }
if ($http_user_agent ~* "Go!Zilla") { return 508; }
if ($http_user_agent ~* "Download Demon") { return 508; }
if ($http_user_agent ~* "Indy Library") { return 508; }
if ($http_user_agent ~* "libwww-perl") { return 508; }
if ($http_user_agent ~* "Nmap Scripting Engine") { return 508; }
if ($http_user_agent ~* "17ce\.com") { return 508; }
if ($http_user_agent ~* "WebBench") { return 508; }
if ($http_user_agent ~* "spider") { return 508; } # This also blocks some Chinese search-engine crawlers, e.g. Sogou (搜狗).
# Block the user agents of various malicious requests; use your site's access log or the WAF log as a reference when configuring.
if ($http_referer ~* "17ce\.com") { return 509; }
# Block requests from 17ce.com speed-test nodes, achieving the same thing as Laobai's first method (the IP blacklist). This only works while the test node actually sends a Referer header.
if ($http_referer ~* "WebBench") { return 509; }
# Block WebBench and similar load-testing tools; for other tools just change the name.
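Before putting these rules on a live site it helps to see which status each kind of request would receive, since a rule that fires on a legitimate WordPress URL locks out real visitors. The script below is an added example (not from this post, from Baota or from nginx) that re-implements the evaluation of a subset of the rules above in Python, the way nginx handles `if` + `return` in a server block: top to bottom, first match wins, `$query_string` tested percent-encoded and `$uri` decoded. It runs over constructed sample requests, including a legitimate search for "style guide" that the `style` keyword rule rejects, which is the kind of false positive the author's "adjust to your own site" remark refers to. Python's `re` is close enough to PCRE for these patterns.

```python
"""Dry-run of the post's nginx `if ... return` rules against sample requests.

Added example for this post, not code from the post, Baota or nginx.  RULES is
a subset of the post's configuration (with the regex escapes restored); the
requests in SAMPLES are constructed for the demo."""
import re
from urllib.parse import urlsplit, unquote

# (variable, case-insensitive, pattern, status), in the order the post lists them
RULES = [
    ("query", True, r"(\$|'|--|[+|(%20)]union[+|(%20)]|[+|(%20)]select[+|(%20)]"
                    r"|[<|%3c]script[>|%3e]|javascript|alert|style)(.*)$", 555),
    ("uri", True, r"(/~).*", 501),
    ("request_uri", False, r"(/\.+)", 509),
    ("request_uri", False, r"(\.+/)", 509),
    ("query", False, r"[a-zA-Z0-9_]=(\.\.//?)+", 506),
    ("query", False, r"\b(viagra|cialis)\b", 507),
    ("user_agent", True, r"ApacheBench|WebBench|masscan|wget|curl|python", 508),
    ("referer", True, r"17ce\.com", 509),
]


def classify(method, request_uri, user_agent="", referer=""):
    """Return the status nginx would answer with, or None if the request passes."""
    # `if ($request_method !~* "^(GET|POST)$") { return 444; }` is an allow-list
    if not re.fullmatch(r"GET|POST", method, re.IGNORECASE):
        return 444
    parts = urlsplit(request_uri)
    variables = {
        "uri": unquote(parts.path),      # $uri: normalized, percent-decoded path
        "request_uri": request_uri,      # $request_uri: raw original request line
        "query": parts.query,            # $query_string: still percent-encoded
        "user_agent": user_agent,
        "referer": referer,
    }
    # nginx executes the first `if` whose condition holds and stops there
    for var, icase, pattern, status in RULES:
        if re.search(pattern, variables[var], re.IGNORECASE if icase else 0):
            return status
    return None


# Constructed sample requests: (label, method, request_uri, user_agent, referer)
SAMPLES = [
    ("normal search", "GET", "/?s=wordpress", "Mozilla/5.0", ""),
    ("admin-ajax heartbeat", "GET", "/wp-admin/admin-ajax.php?action=heartbeat", "Mozilla/5.0", ""),
    ("SQLi probe in query", "GET", "/?s=%27+or+1%3D1--", "Mozilla/5.0", ""),
    ("dot-file request", "GET", "/.git/config", "Mozilla/5.0", ""),
    ("curl user agent", "GET", "/", "curl/7.68.0", ""),
    ("17ce referer", "GET", "/", "Mozilla/5.0", "https://www.17ce.com/"),
    ("non GET/POST method", "OPTIONS", "/", "Mozilla/5.0", ""),
    ("search for 'style guide' (false positive)", "GET", "/?s=style+guide", "Mozilla/5.0", ""),
]

if __name__ == "__main__":
    for label, *request in SAMPLES:
        print("%-45s -> %s" % (label, classify(*request) or "pass"))
```

Two things the run makes visible: the SQLi probe is caught by the `--` alternative and not by the `'` one, because `$query_string` still contains `%27` rather than a quote; and the search for "style guide" receives 555 just like the probe, so a site with a search box should drop (or anchor more tightly) the bare `style`, `alert` and `javascript` keywords before going live.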

Test results

Now let's run Laobai Blog through the 17ce speed-test site again and see the effect.