From 7442fad6fc8f712eac32952f689dd763399b952d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Artur=20Ku=C5=9B?= <kusartur@gmail.com>
Date: Thu, 12 Mar 2026 21:51:27 +0100
Subject: [PATCH] blok scanners for php

---
 nginx-config/https/arti24.eu.conf       | 11 +++++++++++
 nginx-config/https/kursy.kopama.pl.conf | 11 +++++++++++
 nginx-config/https/plecianki.pl.conf    | 12 ++++++++++++
 3 files changed, 34 insertions(+)

diff --git a/nginx-config/https/arti24.eu.conf b/nginx-config/https/arti24.eu.conf
index 7f586c4..e4d6fa8 100755
--- a/nginx-config/https/arti24.eu.conf
+++ b/nginx-config/https/arti24.eu.conf
@@ -11,6 +11,17 @@ server {
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers         HIGH:!aNULL:!MD5;
  
+ # --- BLOCK COMMON SCANNERS / BOT ATTACKS ---
+    location ~* ^/(wp-admin|wp-content|wp-includes|xmlrpc\.php|phpmyadmin|vendor|setup|config|\.env|\.git|\.gitignore|\.htaccess|\.DS_Store|shell\.php|test\.php|admin\.php|login\.php) {
+        return 404;
+    }
+    
+    location ~* \.php$ {
+        return 404;
+    }
+
+# --- GŁÓWNY PROXY / Node.js ---
+location / {
  
   location / {
   
diff --git a/nginx-config/https/kursy.kopama.pl.conf b/nginx-config/https/kursy.kopama.pl.conf
index c66c016..fbfc06a 100644
--- a/nginx-config/https/kursy.kopama.pl.conf
+++ b/nginx-config/https/kursy.kopama.pl.conf
@@ -11,6 +11,17 @@ server {
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers         HIGH:!aNULL:!MD5;
  
+  # --- BLOCK COMMON SCANNERS / BOT ATTACKS ---
+    location ~* ^/(wp-admin|wp-content|wp-includes|xmlrpc\.php|phpmyadmin|vendor|setup|config|\.env|\.git|\.gitignore|\.htaccess|\.DS_Store|shell\.php|test\.php|admin\.php|login\.php) {
+        return 404;
+    }
+    
+    location ~* \.php$ {
+        return 404;
+    }
+    
+  # --- GŁÓWNY PROXY / Node.js ---
+ 
   location / {
      # Ograniczenie liczby żądań
     limit_req zone=ip_limit burst=20 nodelay;
diff --git a/nginx-config/https/plecianki.pl.conf b/nginx-config/https/plecianki.pl.conf
index 48e7fbb..800e6f7 100644
--- a/nginx-config/https/plecianki.pl.conf
+++ b/nginx-config/https/plecianki.pl.conf
@@ -11,6 +11,18 @@ server {
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers         HIGH:!aNULL:!MD5;
 
+
+    # --- BLOCK COMMON SCANNERS / BOT ATTACKS ---
+    location ~* ^/(wp-admin|wp-content|wp-includes|xmlrpc\.php|phpmyadmin|vendor|setup|config|\.env|\.git|\.gitignore|\.htaccess|\.DS_Store|shell\.php|test\.php|admin\.php|login\.php) {
+        return 404;
+    }
+
+    # blokada wszystkich plików PHP (Node.js nie obsługuje)
+    location ~* \.php$ {
+        return 404;
+    }
+
+    # --- GŁÓWNY PROXY / Node.js ---
     location / {
       
              # Ograniczenie liczby żądań