Possible jail.local config for wp fail2ban

  • In working on our webserver we noticed that WP Fail2Ban was not adding blocked IP’s to the IPTables and then, once we fixed that bit, IPTables was not blocking the IP address anyway.

    Our original config was:

    [wordpress]

enabled  = true
filter   = wordpress
action   = iptables-multiport
logpath  = /var/log/messages
port = http,https
maxretry = 3

    After a bit of testing (and some lost hair), we found the following configuration in our jail.local file worked:

    [wordpress]

enabled  = true
filter   = wordpress
action   = iptables-multiport[name=wordpress, port="http,https"]
logpath  = /var/log/messages
maxretry = 3

    Fail2Ban Version = 0.8.10

    https://www.ads-software.com/plugins/wp-fail2ban/

Viewing 2 replies - 1 through 2 (of 2 total)

  • In addition, on Ubuntu, the messages are sent to /var/log/auth.log. There’s no such thing as /var/log/messages.

    I also prefer to use a more restrictive action, and set a long ban time. And of course you should enable other filters as well.

    [wordpress]
enabled  = true
filter   = wordpress
action   = iptables-allports[name=wordpress]
logpath  = /var/log/auth.log
maxretry = 2
findtime = 3600
bantime  = 604800

[apache]
enabled = true

[apache-overflows]
enabled = true

[apache-noscript]
enabled = true

    well, the action depends on your system. using this plugin assumes you’ve got a working fail2ban installation in the first place…

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Possible jail.local config for wp fail2ban’ is closed to new replies.