Created
November 29, 2014 08:29
-
-
Save Clorith/dc8485bacce8f52d9389 to your computer and use it in GitHub Desktop.
fail2ban filter.d/wordpress.conf for WordPress bruteforce protection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban configuration file | |
| # | |
| # Author: Marius | |
| # | |
| [INCLUDES] | |
| before = common.conf | |
| [Definition] | |
| # Option: failregex | |
| # Notes.: regex to match the password failures messages in the logfile. The | |
| # host must be matched by a group named "host". The tag "<HOST>" can | |
| # be used for standard IP/hostname matching and is only an alias for | |
| # (?:::f{4,6}:)?(?P<host>\S+) | |
| # Values: TEXT | |
| # | |
| # Different events to match against | |
| # | |
| # 64.34.173.227 - - [06/Nov/2014:08:39:41 +0100] "POST /wp-login.php HTTP/1.1" 200 1922 "http://www.clorith.net/wp-login.php" "[% tools.ua.random() %]" | |
| # 37.57.231.204 - - [19/Nov/2014:13:43:41 +0100] "POST http://www.clorith.net/wp-login.php/ HTTP/1.1" 200 5761 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" | |
| failregex = ^<HOST> .+?POST.+?wp-login\.php.+?" | |
| # Option: ignoreregex | |
| # Notes.: regex to ignore. If this regex matches, the line is ignored. | |
| # Values: TEXT | |
| # | |
| ignoreregex = |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment