We’ve release a filter for the amasty feed plugin vulnerability (more information here). Anyone using this plugin should update immediately!

The filter is placed inside /data/web/nginx/amastyfeed.conf. If you updated your plugin and want to disable the filter, please comment out the filters in that file.

We now also deny any requests made towards the /shell/ directory with a 403.