Working with 2.3.1 and not vith 3.5.1

  • Resolved bubaweb

    (@bubaweb)


    8 years, 7 months ago

    I have many wp site. with 2 or more debian server. I setup wpf2b ver. 2.3.1 with wordpress filter only and all is working well.

    as soon as I upgrade to 3.x.x no more work. I update filter and restart fal2ban, but no way to ban user.

    I have right data in log file:
    with 3.5.1
    Authentication attempt for unknown user admin from x.x.x.x but no ban

    with 2.3.1 WP plugin -> authlog ->
    Authentication failure for admin from x.x.x.x at 5 error ban

    any sugget ?
    THX

    https://www.ads-software.com/plugins/wp-fail2ban/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author invisnet

    (@invisnet)

    As mentioned in the upgrade notices, you’ll need to update your fail2ban filters – they’ve changed a lot since then. You’ll want both wordpress-soft.conf and wordpress-hard.conf.

    Thread Starter bubaweb

    (@bubaweb)

    I did it, remove wordpress.conf in jail.local

    [wordpress-hard]
    enabled = true
    filter = wordpress-hard
    logpath = /var/log/auth.log
    maxretry = 5
    port = http,https
    bantime = 7600

    [wordpress-soft]
    enabled = true
    filter = wordpress-soft
    logpath = /var/log/auth.log
    maxretry = 5
    port = http,https
    bantime = 7600

    If I test regex with both filter (soft + hard) I have no result ??

    root@puci:~# fail2ban-regex /var/log/authlog.log /etc/fail2ban/filter.d/wordpress-hard.conf

    Running tests
    =============

    Use regex file : /etc/fail2ban/filter.d/wordpress-hard.conf
    Use single line: /var/log/authlog.log

    Results
=======

Failregex
|- Regular expressions:
|  [1] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?(?:wordpress|wp)(?:\(\S+\))?[\]\)]?:?|[\[\(]?(?:wordpress|wp)(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*Blocked user enumeration attempt from <HOST>$
|  [2] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?(?:wordpress|wp)(?:\(\S+\))?[\]\)]?:?|[\[\(]?(?:wordpress|wp)(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*Blocked authentication attempt for .* from <HOST>$
|  [3] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?(?:wordpress|wp)(?:\(\S+\))?[\]\)]?:?|[\[\(]?(?:wordpress|wp)(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*Pingback error .* generated from <HOST>$
|  [4] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?(?:wordpress|wp)(?:\(\S+\))?[\]\)]?:?|[\[\(]?(?:wordpress|wp)(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*Spam comment \d+ from <HOST>$
|  [5] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?(?:wordpress|wp)(?:\(\S+\))?[\]\)]?:?|[\[\(]?(?:wordpress|wp)(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*XML-RPC multicall authentication failure from <HOST>$
|

    – Number of matches:
    [1] 0 match(es)
    [2] 0 match(es)
    [3] 0 match(es)
    [4] 0 match(es)
    [5] 0 match(es)

    Ignoreregex
    |- Regular expressions:
    |

    - Number of matches:

Summary
=======

Sorry, no match

Look at the above section 'Running tests' which could contain important
information.

    just sad because I dont know

    Hey @bubaweb, see my relevant thread here:
    https://www.ads-software.com/support/topic/major-security-flaw-1

    Thread Starter bubaweb

    (@bubaweb)

    new update works 3.5.3 with new filter work with my server. I will test it on the other 3 and I will update. thx a lot for your work.
    ciao

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Working with 2.3.1 and not vith 3.5.1’ is closed to new replies.