ideaman007

Here’s an example of mine showing it working:

2012-10-27 17:09:39,003 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
2012-10-27 17:09:39,004 fail2ban.jail : INFO Creating new jail ‘ssh’
2012-10-27 17:09:39,007 fail2ban.jail : INFO Jail ‘ssh’ uses Gamin
2012-10-27 17:09:39,023 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2012-10-27 17:09:39,024 fail2ban.filter : INFO Set maxRetry = 6
2012-10-27 17:09:39,025 fail2ban.filter : INFO Set findtime = 600
2012-10-27 17:09:39,026 fail2ban.actions: INFO Set banTime = 600
2012-10-27 17:09:39,055 fail2ban.jail : INFO Creating new jail ‘wordpress’
2012-10-27 17:09:39,055 fail2ban.jail : INFO Jail ‘wordpress’ uses Gamin
2012-10-27 17:09:39,056 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2012-10-27 17:09:39,056 fail2ban.filter : INFO Set maxRetry = 6
2012-10-27 17:09:39,057 fail2ban.filter : INFO Set findtime = 600
2012-10-27 17:09:39,057 fail2ban.actions: INFO Set banTime = 600
2012-10-27 17:09:39,064 fail2ban.jail : INFO Jail ‘ssh’ started
2012-10-27 17:09:39,072 fail2ban.jail : INFO Jail ‘wordpress’ started
2012-10-27 17:09:41,135 fail2ban.actions: WARNING [wordpress] Ban 178.212.65.55
2012-10-27 17:19:41,917 fail2ban.actions: WARNING [wordpress] Unban 178.212.65.55

I copied the wordpress.conf into the /etc/fail2ban/filters.d folder

I copied the /etc/fail2ban/jail.conf to /etc/fail2ban/jail.local

I edited the jail.local to include this:

[wordpress]

enabled = true
port = http,https
filter = wordpress
logpath = /var/log/auth.log
maxretry = 6

I restarted fail2ban /etc/init.d/fail2ban restart

This was all on an Ubuntu 12.04 system with apache2, php 5.3.x, I simply installed the wordpress plugin, installed fail2ban on the server (apt-get install fail2ban) and it installed some dependencies along with it.

I adjusted my ignoreip list to not ban my IP’s as well

Hope this helps.