install/fail2ban
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add filter for wordpress from wp-fail2ban.readthedocs.io/en/3.6/filters.html. Modify jail.local.

Browse Source
This commit is contained in:
Christoph 2018-11-23 16:53:26 +01:00
parent 34758ef63a
commit 61d02b0f84
3 changed files with 85 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
0.10.2/filter.d/wordpress-hard.conf Normal file
View File

@ -0,0 +1,27 @@
# Fail2Ban filter for WordPress hard failures
# Auto-generated: 2018-11-04T16:40:53+00:00
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = (?:wordpress|wp)
failregex = ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
^%(__prefix_line)sSpam comment \d+ from <HOST>$
^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
^%(__prefix_line)sPingback error .* generated from <HOST>$
^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
ignoreregex =
# DEV Notes:
# Requires the 'WP fail2ban' plugin:
# https://github.com/invisnet/wp-fail2ban/
#
# Author: Charles Lecklider

22
0.10.2/filter.d/wordpress-soft.conf Normal file
View File

@ -0,0 +1,22 @@
# Fail2Ban filter for WordPress soft failures
# Auto-generated: 2018-11-04T16:40:53+00:00
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = (?:wordpress|wp)
failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
^%(__prefix_line)sXML-RPC authentication failure for .* from <HOST>$
ignoreregex =
# DEV Notes:
# Requires the 'WP fail2ban' plugin:
# https://github.com/invisnet/wp-fail2ban/
#
# Author: Charles Lecklider

59
0.10.2/jail.local
View File

@ -63,7 +63,7 @@ enabled = true
[postfix-sasl] [postfix-sasl]
enabled = true enabled = false
# - Take care to allowh 'whois' requests from this mashine. Maybe # - Take care to allowh 'whois' requests from this mashine. Maybe
# - you have configure your firewall # - you have configure your firewall
action = %(action_mwl)s action = %(action_mwl)s
@ -76,7 +76,7 @@ bantime = 3600
[postfix-sasl-dos] [postfix-sasl-dos]
enabled = true enabled = false
# - Take care to allowh 'whois' requests from this mashine. Maybe # - Take care to allowh 'whois' requests from this mashine. Maybe
# - you have configure your firewall # - you have configure your firewall
action = %(action_mwl)s action = %(action_mwl)s
@ -92,7 +92,7 @@ bantime = 10800
[dovecot] [dovecot]
enabled = true enabled = false
# - Take care to allowh 'whois' requests from this mashine. Maybe # - Take care to allowh 'whois' requests from this mashine. Maybe
# - you have configure your firewall # - you have configure your firewall
action = %(action_mwl)s action = %(action_mwl)s
@ -107,26 +107,39 @@ findtime = 1200
bantime = 1800 bantime = 1800
[wp-login] # - Replaced with 'wordpress-hard' and 'wordpress-soft'
enabled = true #[wp-login]
action = %(action_mbu)s #enabled = false
filter = wp-login #action = %(action_mbu)s
#filter = wp-login
#port = http,https
#logpath = /var/log/apache2/ip_requests.log
#maxretry = 10
#findtime = 600
#bantime = 10800
#
#
#[wp-xmlrpc]
#enabled = false
#action = %(action_mbu)s
#filter = wp-xmlrpc
#port = http,https
#logpath = /var/log/apache2/ip_requests.log
#maxretry = 5
#findtime = 600
#bantime = 10800
[wordpress-hard]
enabled = false
filter = wordpress-hard
logpath = /var/log/auth.log
maxretry = 1
port = http,https port = http,https
logpath = /var/log/apache2/ipv4_requests.log
/var/log/apache2/ip_requests.log
maxretry = 10
findtime = 600
bantime = 10800
[wordpress-soft]
[wp-xmlrpc] enabled = false
enabled = true filter = wordpress-soft
action = %(action_mbu)s logpath = /var/log/auth.log
filter = wp-xmlrpc maxretry = 3
port = http,https port = http,https
logpath = /var/log/apache2/ipv4_requests.log
/var/log/apache2/ip_requests.log
maxretry = 5
findtime = 600
bantime = 10800