New feature – wp-login.php 302 redirect
Hello all,
I was suffering from bots that were repeatedly trying to reach mysite.org/wp-login.php and getting a 302. The bots would sometimes retry for days, eating up my server resources. So I added a trap for them and it works. I call it wordpress-302 and here it is:
I added a filter in filter.d: wordpress-302.conf
```
# Fail2Ban configuration file
#
# Author: Rob Meerwijk
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = wordpress-302

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = ^.*:80 <HOST>.*(GET|POST).*/wp-login.php.*302.*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
```
I added the following lines to jail.local
```
[wordpress-302]
enabled  = true
port     = http,https
protocol = tcp
filter   = wordpress-302
logpath  = /var/log/apache2/other_vhosts_access.log
maxretry = 5
findtime = 3600
bantime  = 3600
```
And that should do the trick. E.g.:
```
2014-11-23 19:39:26,300 fail2ban.actions: WARNING [wordpress-302] Ban 193.201.224.166
2014-11-23 20:39:27,084 fail2ban.actions: WARNING [wordpress-302] Unban 193.201.224.166
2014-11-24 05:01:12,455 fail2ban.actions: WARNING [wordpress-302] Ban 193.201.224.166
2014-11-24 06:01:12,565 fail2ban.actions: WARNING [wordpress-302] Unban 193.201.224.166
2014-11-28 15:42:37,316 fail2ban.actions: WARNING [wordpress-302] Ban 78.175.222.246
2014-11-28 16:42:38,051 fail2ban.actions: WARNING [wordpress-302] Unban 78.175.222.246
2014-11-29 08:00:03,706 fail2ban.actions: WARNING [wordpress-302] Ban 194.29.61.163
2014-11-29 09:00:03,739 fail2ban.actions: WARNING [wordpress-302] Unban 194.29.61.163
```
Enjoy,
Rob Meerwijk
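
The filter above, exercised offline as an added example (not part of the original post): it runs the posted failregex over constructed `other_vhosts_access.log` lines and compares the resulting bans with those of a stricter pattern that pins the request path and the status field. The `STRICT` pattern, the IPv4-only stand-in for `<HOST>`, the helper names and the sample lines are assumptions made for illustration.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex exactly as posted in wordpress-302.conf.
POSTED = r"^.*:80 <HOST>.*(GET|POST).*/wp-login.php.*302.*$"
# Hypothetical stricter variant: pins the request path and the status field.
STRICT = (r'^\S+:80 <HOST> \S+ \S+ [^"]*'
          r'"(?:GET|POST) /wp-login\.php[^" ]* HTTP/[\d.]+" 302 ')

PREFIX = "mysite.org:80 {ip} - - [23/Nov/2014:19:39:20 +0100] "
# Constructed log lines in Apache's vhost_combined layout (documentation IPs).
SAMPLE = (
    # Bot: six login attempts that are answered with a 302.
    [PREFIX.format(ip="192.0.2.10") + '"POST /wp-login.php HTTP/1.1" 302 512 "-" "bot"'] * 6
    # Visitor: login page served with 200; the response size happens to be 302.
    + [PREFIX.format(ip="198.51.100.7") + '"GET /wp-login.php HTTP/1.1" 200 302 "-" "Mozilla/5.0"'] * 5
    # Visitor: other page; wp-login.php is in the query string, 302 in the size.
    + [PREFIX.format(ip="203.0.113.5") + '"GET /index.php?ref=/wp-login.php HTTP/1.1" 200 3020 "-" "Mozilla/5.0"'] * 5
)

def compile_failregex(pattern):
    """Expand the <HOST> tag, then compile the result as a Python regex."""
    return re.compile(pattern.replace("<HOST>", HOST))

def failures(pattern, lines):
    """Return {ip: number of matching lines} for one failregex."""
    rx, hits = compile_failregex(pattern), {}
    for line in lines:
        m = rx.search(line)
        if m:
            hits[m.group("host")] = hits.get(m.group("host"), 0) + 1
    return hits

def banned(pattern, lines, maxretry=5):
    """IPs reaching maxretry (value from jail.local); findtime is not modelled."""
    return sorted(ip for ip, n in failures(pattern, lines).items() if n >= maxretry)

if __name__ == "__main__":
    print("posted:", banned(POSTED, SAMPLE))
    print("strict:", banned(STRICT, SAMPLE))
```

On a live system, `fail2ban-regex /var/log/apache2/other_vhosts_access.log /etc/fail2ban/filter.d/wordpress-302.conf` runs the real filter against the real log and reports which lines it matches.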