dcadar

Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter dcadar

    (@dcadar)

    @reconmail
    indeed.

    Thread Starter dcadar

    (@dcadar)

    Well, I’ve modified wp-fail2ban.php like this:

    original:

    function openlog($log = LOG_AUTH, $custom_log = ‘WP_FAIL2BAN_AUTH_LOG’)
    {
    \openlog(‘wordpress(‘.$_SERVER[‘HTTP_HOST’].’)’,
    LOG_NDELAY|LOG_PID,
    defined($custom_log) ? constant($custom_log) : $log);
    }

    modified:

    function openlog($log = LOG_AUTH, $custom_log = ‘WP_FAIL2BAN_AUTH_LOG’)
    {
    \openlog(‘wp(‘.$_SERVER[‘HTTP_HOST’].’)’,
    LOG_NDELAY|LOG_PID,
    defined($custom_log) ? constant($custom_log) : $log);
    }

    However, a proper solution would be to truncate the tag if it’s longer than 32 characters. With what I’ve modified it will still fail if the server name it’s longer than 22 characters.

    Thread Starter dcadar

    (@dcadar)

    it’s not the <SERVER> which gets truncated, but the pid. And instead of having something like
    wordpress(some.longwebsite.com)[12345]: Authentication failed ........
    will get something like:
    wordpress(some.longwebsite.com)[12 Authentication failed .......
    which will cause fail2ban not to match it (unless the filter is modified).

    And it’s not about having non-alphanumeric chars in the TAG (causing it to terminate it), it’s about the TAG exceeding 32 characters; everything what’s after the 32nd char in the TAG will be discarded.

Viewing 3 replies - 1 through 3 (of 3 total)