FAIL2BAN - Filter.d - http-shell-command
From IT-Arts.net
Filter.d
! Should be customized to your needs !
[Definition]
# http-shell-command.conf
# Attempted shell command execution in URLs (e.g., using ?cmd=).
# Flags log lines containing "?cmd=", "system(" or "exec(", which could
# indicate an attempt to execute system commands via web apps.
#
# <HOST> is anchored at the start of the line, so the address that gets banned
# is the first field of the log entry.
# NOTE(review): behind a reverse proxy or load balancer that field is
# presumably the proxy's address unless nginx real-IP handling is set up;
# confirm before enabling, or the ban lands on the proxy.
#
# The ".*" after <HOST> lets the markers match anywhere on the line, not only
# in the requested URL (in the usual access-log layouts that includes the
# referrer and user-agent fields). Matching is literal and case-sensitive, so
# only these exact, unencoded spellings are caught. Treat this as a filter for
# scanner noise, not as protection for the application itself.
# NOTE(review): "?cmd=" may be a legitimate parameter in some applications;
# check your own URLs and use ignoreregex for known-good requests.
failregex = ^<HOST>.*(\?cmd=|system\(|exec\().*$
# Empty: no log lines are excluded from matching.
ignoreregex =
Jail.conf
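# Jail for the http-shell-command filter, written one key per line.
# Put it in jail.local or a jail.d/ drop-in rather than editing the packaged
# jail.conf, which package upgrades may overwrite.
# No "filter" key is set here, so the jail relies on the stock [DEFAULT]
# setting that derives the filter name from the jail name: the filter file
# must be filter.d/http-shell-command.conf.
[http-shell-command]
enabled = true
# Blocks the offending address on every port, not only HTTP/HTTPS.
# %(banaction_allports)s is interpolated from the [DEFAULT] section.
banaction = %(banaction_allports)s
# The glob covers files named <something>.access.log; a plain
# /var/log/nginx/access.log is not matched. Adjust to where your vhosts log.
logpath = /var/log/nginx/*.access.log
# A single matching line triggers the ban, and bantime = -1 makes it permanent.
# Any false positive therefore locks a client out of every service until it is
# unbanned by hand. List your own admin and monitoring addresses in ignoreip,
# and consider a finite bantime while tuning the filter.
maxretry = 1
bantime = -1
# Window in which matches are counted towards maxretry.
findtime = 3d
# Poll the log files for changes instead of using file-change notifications.
backend = polling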
