From 766cc89d1d8cf06362748d51c5e9f062dc7ff36b Mon Sep 17 00:00:00 2001
From: driz <40674481+drizuid@users.noreply.github.com>
Date: Tue, 15 Oct 2024 10:33:55 -0400
Subject: [PATCH 1/2] wordpress support
---
filter.d/wordpress.conf | 19 +++++++++++++++++++
jail.d/wordpress.conf | 8 ++++++++
2 files changed, 27 insertions(+)
create mode 100644 filter.d/wordpress.conf
create mode 100644 jail.d/wordpress.conf
diff --git a/filter.d/wordpress.conf b/filter.d/wordpress.conf
new file mode 100644
index 0000000..c6a19df
--- /dev/null
+++ b/filter.d/wordpress.conf
@@ -0,0 +1,19 @@
+## Version 2024/10/15
+# Fail2Ban filter for Wordpress login failures
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+
+# pattern: 69.12.111.70 - - [28/Apr/2021:15:09:19 -0400] "GET /wp-login.php HTTP/1.1" 200 8315 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
+# 69.12.111.70 - - [28/Apr/2021:15:09:21 -0400] "POST /xmlrpc.php HTTP/1.1" 503 18354 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
+# 69.12.111.70 - - [28/Apr/2021:15:09:22 -0400] "POST /wp-login.php HTTP/1.1" 503 18382 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
+#
+#
+# Option: failregex
+# Notes.: regex to match the password failure messages in the logfile.
+
+failregex = ^.* (GET|POST) (wp-login\.php|xmlrpc\.php)
+
+ignoreregex =
\ No newline at end of file
diff --git a/jail.d/wordpress.conf b/jail.d/wordpress.conf
new file mode 100644
index 0000000..0052a38
--- /dev/null
+++ b/jail.d/wordpress.conf
@@ -0,0 +1,8 @@
+## Version 2024/10/15
+# Fail2Ban jail configuration for wordpress via NGINX logs
+
+[wordpress]
+
+enabled = false
+port = http,https
+logpath = %(nginx_error_log)s
From 233e7cca2a443aa75b3dfe0248358640c0a142ab Mon Sep 17 00:00:00 2001
From: driz <40674481+drizuid@users.noreply.github.com>
Date: Tue, 15 Oct 2024 10:34:10 -0400
Subject: [PATCH 2/2] fix crlf
---
jail.d/wordpress.conf | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
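Review bot: The `failregex` in filter.d/wordpress.conf (patch 1/2) names no `<HOST>` group, so fail2ban has no address to ban and is expected to reject the expression when the jail starts. It also cannot match the sample lines in the comment above it, where the method follows a `"` and the path begins with `/`. Anchoring the client address at the start of the line fixes both and keeps referer or user-agent text from influencing which address is extracted, for example `failregex = ^<HOST> \S+ \S+ \[[^\]]*\] "POST /(?:wp-login|xmlrpc)\.php`. Counting every `GET` of `wp-login.php` would also ban users who merely open the login page, and the "password failure messages" comment overstates what is matched: these are requests, not confirmed failures.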
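Review bot: `logpath = %(nginx_error_log)s` in jail.d/wordpress.conf (patch 1/2) points the jail at the nginx error log, while the filter's sample lines are access-log entries, so an enabled jail would most likely never see a matching line. `logpath = %(nginx_access_log)s` looks like the intended value, assuming the usual fail2ban path definitions are in scope. The section also inherits `maxretry`, `findtime` and `bantime` from the global defaults; because the filter counts requests rather than verified login failures, setting them here with a short comment would make the ban threshold explicit and easier to tune against false positives.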
diff --git a/jail.d/wordpress.conf b/jail.d/wordpress.conf
index 0052a38..5c4a9a7 100644
--- a/jail.d/wordpress.conf
+++ b/jail.d/wordpress.conf
@@ -1,8 +1,8 @@
-## Version 2024/10/15
-# Fail2Ban jail configuration for wordpress via NGINX logs
-
-[wordpress]
-
-enabled = false
-port = http,https
-logpath = %(nginx_error_log)s
+## Version 2024/10/15
+# Fail2Ban jail configuration for wordpress via NGINX logs
+
+[wordpress]
+
+enabled = false
+port = http,https
+logpath = %(nginx_error_log)s