FAIL2BAN - Filter.d - http-php-code-inj
From IT-Arts.net
! Should be customized to your needs !
Filter.d
[Definition]
# http-php-code-inj.conf
# PHP Code Injection
# Matches PHP-based code injection attempts such as `<?php eval($_POST[cmd]); ?>`
failregex = ^<HOST>.*(\<\?php.*eval.*\$_POST.*\;\?\>).*
ignoreregex =
Jail.conf
[http-php-code-inj] enabled = true banaction = %(banaction_allports)s logpath = /var/log/nginx/*.access.log maxretry = 1 bantime = -1 findtime = 3d backend = polling
