1. The php-url-fopen jail enabled. This jail is purposely vague because that is how the attack works. It is partially Facebook's problem that their URLs look like attacks.

2. What ever browser triggered this should be connecting to Facebook and not your server. Obviously it does not like the protocol relative URL (which can be fixed by just putting https: - or http: if you never used a secure connection - in the original page.)

- Y

Sent from a gizmo with a very small keyboard and hyperactive autocorrect.

On Dec 10, 2013 11:56 AM, "7stars" <amoza@email.it> wrote:

what can you say about these lines...? i can't understand this behavior

The IP has just been banned by Fail2Ban after
1 attempts against php-url-fopen. - - [10/Dec/2013:15:13:39 +0100] "GET /it/ HTTP/1.1" 200 38828 - - [10/Dec/2013:15:13:41 +0100] "GET //www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/mypage&amp;width=300&amp;colorscheme=light&amp;show_faces=true&amp;border_color= HTTP/1.1" 404 257

here i just replaced my name page with "mypage" for privacy...

thank you

Caselle da 1GB, trasmetti allegati fino a 3GB e in piu' IMAP, POP3 e SMTP autenticato? GRATIS solo con Email.it

Week end nella capitali europee, con i voli low cost. Trova il tuo
Clicca qui

Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
Fail2ban-users mailing list