adjust wordpress filter..

2023-03-16 10:04:56 +01:00 · 2023-03-16 10:04:56 +01:00 · dc048a6d88
commit dc048a6d88
parent ee69c17ce8
2 changed files with 67 additions and 49 deletions
--- a/0.10.2/filter.d/wordpress-hard.conf
+++ b/0.10.2/filter.d/wordpress-hard.conf
@ -1,27 +1,36 @@
-# Fail2Ban filter for WordPress hard failures
-# Auto-generated: 2018-11-04T16:40:53+00:00
-#
-
-[INCLUDES]
-
-before = common.conf
-
-[Definition]
-
-_daemon = (?:wordpress|wp)
-
-failregex = ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
-            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
-            ^%(__prefix_line)sSpam comment \d+ from <HOST>$
-            ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
-            ^%(__prefix_line)sPingback error .* generated from <HOST>$
-            ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
-            ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
-
-ignoreregex =
-
-# DEV Notes:
-# Requires the 'WP fail2ban' plugin:
-# https://github.com/invisnet/wp-fail2ban/
-#
-# Author: Charles Lecklider
+# Fail2Ban configuration file
+#
+# Author: Charles Lecklider 2012-2016
+# Author: Brandon Allen     2016-2019
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = wp
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
+            ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
+            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
+            ^%(__prefix_line)sPingback error .* generated from <HOST>$
+            ^%(__prefix_line)sSpammed comment from <HOST>$
+            ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
--- a/0.10.2/filter.d/wordpress-soft.conf
+++ b/0.10.2/filter.d/wordpress-soft.conf
@ -1,22 +1,31 @@
-# Fail2Ban filter for WordPress soft failures
-# Auto-generated: 2018-11-04T16:40:53+00:00
-#
-
-[INCLUDES]
-
-before = common.conf
-
-[Definition]
-
-_daemon = (?:wordpress|wp)
-
-failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
-            ^%(__prefix_line)sXML-RPC authentication failure for .* from <HOST>$
-
-ignoreregex =
-
-# DEV Notes:
-# Requires the 'WP fail2ban' plugin:
-# https://github.com/invisnet/wp-fail2ban/
-#
-# Author: Charles Lecklider
+# Fail2Ban configuration file
+#
+# Author: Charles Lecklider 2012-2016
+# Author: Brandon Allen     2016-2019
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = wp
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =