From d0a521557e3131fb9484937edd5bb3ddf29f7cfe Mon Sep 17 00:00:00 2001 From: Christoph Date: Fri, 23 Feb 2018 15:16:24 +0100 Subject: [PATCH] Add filters for wordpress. --- 0.10.2/filter.d/wp-login.local | 15 +++++++++++++++ 0.10.2/filter.d/wp-xmlrpc.local | 3 +++ 0.10.2/jail.local | 24 ++++++++++++++++++++++++ 3 files changed, 42 insertions(+) create mode 100644 0.10.2/filter.d/wp-login.local create mode 100644 0.10.2/filter.d/wp-xmlrpc.local diff --git a/0.10.2/filter.d/wp-login.local b/0.10.2/filter.d/wp-login.local new file mode 100644 index 0000000..14bdcbe --- /dev/null +++ b/0.10.2/filter.d/wp-login.local @@ -0,0 +1,15 @@ +[Definition] + +# WordPress führt nach einem erfolgreichen Login auf der “wp-login.php” +# einen 302-Redirect durch, fehlgeschlagene Logins hingegen werden mit +# dem HTTP-Status-Code 200 im Access-Log aufgezeichnet. +# +# Der Login Request ist ein "POST" Request. +# +# Logfile Definition: +# LogFormat "%h %v %p %t %r %>s \"%{User-Agent}i\" %T" base_requests +# + +failregex = ^ .* POST /wp-login\.php HTTP.* 200 .*$ +ignoreregex = + diff --git a/0.10.2/filter.d/wp-xmlrpc.local b/0.10.2/filter.d/wp-xmlrpc.local new file mode 100644 index 0000000..65749ed --- /dev/null +++ b/0.10.2/filter.d/wp-xmlrpc.local @@ -0,0 +1,3 @@ +[Definition] +failregex = ^ .* POST /xmlrpc\.php HTTP.* 200 .*$ +ignoreregex = diff --git a/0.10.2/jail.local b/0.10.2/jail.local index 48e7108..3b51a43 100644 --- a/0.10.2/jail.local +++ b/0.10.2/jail.local @@ -106,3 +106,27 @@ maxretry = 20 findtime = 1200 bantime = 1800 + +[wp-login] +enabled = true +action = %(action_mbu)s +filter = wp-login +port = http,https +logpath = /var/log/apache2/ipv4_requests.log + /var/log/apache2/ip_requests.log +maxretry = 10 +findtime = 600 +bantime = 10800 + + +[wp-xmlrpc] +enabled = true +action = %(action_mbu)s +filter = wp-xmlrpc +port = http,https +logpath = /var/log/apache2/ipv4_requests.log + /var/log/apache2/ip_requests.log +maxretry = 5 +findtime = 600 +bantime = 10800 +