Support > Security
Elxis Defender custom rules - examples Requested URI
(1/1)
perseas:
I notice in the error.log file that someone is scanning URLs
[2018-11-01 00:27:22] FATAL ERROR. Reference code: SEC-URI-0006 URL: /1/index.m3u8
[2018-11-01 05:22:03] ERROR 404 (Page not found). Reference code: E404-CCON-0004 URL: _query.php
[2018-11-01 05:22:05] ERROR 404 (Page not found). Reference code: E404-CCON-0004 URL: db_cts.php
[2018-11-01 05:22:25] ERROR 404 (Page not found). Reference code: E404-CCON-0004 URL: lala-dpr.php
[2018-11-01 05:22:49] ERROR 404 (Page not found). Reference code: E404-CCON-0004 URL: phpMyAdmin/scripts/setup.php
[2018-11-01 05:22:50] ERROR 404 (Page not found). Reference code: E404-CCON-0004 URL: phpMyAdmin/scripts/db___.init.php
[2018-11-01 17:20:18] ERROR 404 (Page not found). Reference code: E404-CCON-0004 URL: java.php
[2018-11-01 17:21:06] ERROR 404 (Page not found). Reference code: E404-CCON-0004 URL: log.php
[2018-11-01 17:21:22] ERROR 404 (Page not found). Reference code: E404-CCON-0004 URL: htdocs.php
[2018-11-01 17:21:31] ERROR 404 (Page not found). Reference code: E404-CCON-0004 URL: desktop.ini.php
[2018-11-02 01:07:41] ERROR 404 (Page not found). Reference code: E404-CCON-0004 URL: mydomain.gr.zip
[2018-11-02 02:25:28] ERROR 404 (Page not found). Reference code: E404-CCON-0004 URL: hls/1/stream.m3u8
Whow can i ban/block Requested URI in Elxis Defender custom rules ?
Can anyone give me examples of array? The following is right;
--- Code: ---array('URI,QUERY', 'index\.m3u8|1\index.m3u8|_query\.php|test\.php|db_pma\.php|logon\.php|help-e\.php|log\.php|hell\.php|pmd_online\.php|x\.php|shell\.php|htdocs\.php|z\.php|lala\.php|lala-dpr\.php', 'Other CMS scan'),
--- End code ---
Navigation
[0] Message Index
Go to full version