We’ve release a filter for the amasty feed plugin vulnerability (more information here). Anyone using this plugin should update immediately!
The filter is placed inside /data/web/nginx/amastyfeed.conf. If you updated your plugin and want to disable the filter, please comment out the filters in that file.
We now also deny any requests made towards the /shell/ directory with a 403.