Add filter for wordpress from wp-fail2ban.readthedocs.io/en/3.6/filters.html. Modify jail.local.

2018-11-23 16:53:26 +01:00
parent 34758ef63a
commit 61d02b0f84
3 changed files with 85 additions and 23 deletions
--- a/0.10.2/filter.d/wordpress-hard.conf
+++ b/0.10.2/filter.d/wordpress-hard.conf
@ -0,0 +1,27 @@
+# Fail2Ban filter for WordPress hard failures
+# Auto-generated: 2018-11-04T16:40:53+00:00
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = (?:wordpress|wp)
+
+failregex = ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
+            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
+            ^%(__prefix_line)sSpam comment \d+ from <HOST>$
+            ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
+            ^%(__prefix_line)sPingback error .* generated from <HOST>$
+            ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
+            ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
+
+ignoreregex =
+
+# DEV Notes:
+# Requires the 'WP fail2ban' plugin:
+# https://github.com/invisnet/wp-fail2ban/
+#
+# Author: Charles Lecklider
--- a/0.10.2/filter.d/wordpress-soft.conf
+++ b/0.10.2/filter.d/wordpress-soft.conf
@ -0,0 +1,22 @@
+# Fail2Ban filter for WordPress soft failures
+# Auto-generated: 2018-11-04T16:40:53+00:00
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = (?:wordpress|wp)
+
+failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
+            ^%(__prefix_line)sXML-RPC authentication failure for .* from <HOST>$
+
+ignoreregex =
+
+# DEV Notes:
+# Requires the 'WP fail2ban' plugin:
+# https://github.com/invisnet/wp-fail2ban/
+#
+# Author: Charles Lecklider