adjust wordpress filter..

Christoph 2023-03-16 10:04:56 +01:00
parent ee69c17ce8
commit dc048a6d88
2 changed files with 67 additions and 49 deletions


@ -1,27 +1,36 @@
# Fail2Ban filter for WordPress hard failures # Fail2Ban configuration file
# Auto-generated: 2018-11-04T16:40:53+00:00 #
# # Author: Charles Lecklider 2012-2016
# Author: Brandon Allen 2016-2019
[INCLUDES] #
before = common.conf [INCLUDES]
[Definition] # Read common prefixes. If any customizations available -- read them from
# common.local
_daemon = (?:wordpress|wp) before = common.conf
failregex = ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$ [Definition]
^%(__prefix_line)sSpam comment \d+ from <HOST>$
^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$ _daemon = wp
^%(__prefix_line)sPingback error .* generated from <HOST>$
^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$ # Option: failregex
^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$ # Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
ignoreregex = # be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# DEV Notes: # Values: TEXT
# Requires the 'WP fail2ban' plugin: #
# https://github.com/invisnet/wp-fail2ban/ failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
# ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
# Author: Charles Lecklider ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
^%(__prefix_line)sPingback error .* generated from <HOST>$
^%(__prefix_line)sSpammed comment from <HOST>$
^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
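Review bot: The new `_daemon = wp` only matches log lines tagged `wp`, whereas the previous `_daemon = (?:wordpress|wp)` accepted both tags; the soft-failure filter in this commit makes the same change. If any monitored site still logs under the `wordpress` tag, every failregex here stops matching and the jail goes quiet without any error. Unless all sites are confirmed to use the short tag, keep `_daemon = (?:wordpress|wp)`. The comment-spam pattern also changed from `Spam comment \d+ from <HOST>` to `Spammed comment from <HOST>`, so it is worth running `fail2ban-regex` against a recent auth log to confirm the installed plugin version emits the new wording.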


@ -1,22 +1,31 @@
# Fail2Ban filter for WordPress soft failures # Fail2Ban configuration file
# Auto-generated: 2018-11-04T16:40:53+00:00 #
# # Author: Charles Lecklider 2012-2016
# Author: Brandon Allen 2016-2019
[INCLUDES] #
before = common.conf [INCLUDES]
[Definition] # Read common prefixes. If any customizations available -- read them from
# common.local
_daemon = (?:wordpress|wp) before = common.conf
failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
^%(__prefix_line)sXML-RPC authentication failure for .* from <HOST>$ [Definition]
ignoreregex = _daemon = wp
# DEV Notes: # Option: failregex
# Requires the 'WP fail2ban' plugin: # Notes.: regex to match the password failures messages in the logfile. The
# https://github.com/invisnet/wp-fail2ban/ # host must be matched by a group named "host". The tag "<HOST>" can
# # be used for standard IP/hostname matching and is only an alias for
# Author: Charles Lecklider # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
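Review bot: The rewritten failregex keeps only `Authentication failure for .* from <HOST>$` and drops the old `XML-RPC authentication failure for .* from <HOST>$` line; the hard-failure filter likewise drops `XML-RPC authentication attempt for unknown user .* from <HOST>$`. If the plugin still logs XML-RPC failures with that prefix (not visible from this page), password guessing through xmlrpc.php would no longer count toward a ban. I would keep the pattern as a continuation line, `^%(__prefix_line)sXML-RPC authentication failure for .* from <HOST>$`, or note in the commit message that the plugin no longer emits it. A short comment above `failregex` naming the plugin and version the messages come from would help the next person keep the two in sync.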