Created
October 13, 2016 00:13
-
-
Save dale-c-anderson/40d1f0519de16c4f038b63be4b8e826a to your computer and use it in GitHub Desktop.
Quick and dirty fail2ban filter for blocking obnoxious shitheads who attempt bad things on your wordpress site
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /etc/fail2ban/filter.d/apache-wordpress.conf | |
# | |
# Fail2Ban configuration file | |
# | |
# Author: | |
# Dale Anderson <danderson@acromediainc.com> | |
# | |
# Description: | |
# Bans anyone who tries to POST to a PHP file (existing or not) in the wp-content/uploads directory. | |
# | |
# Triggering example: | |
# 205.186.160.156 - - [12/Oct/2016:23:19:23 +0000] "POST /wp-content/uploads/2012/11/model.php HTTP/1.1" 404 12642 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko" | |
# | |
# Usage: | |
# 1) Drop apache-wordpress.conf into /etc/fail2ban/filters.d/ | |
# 2) Place the following in your /etc/fail2ban/jail.local file. This example is swift, broad, and merciless: | |
# [apache-wordpress] | |
# enabled = true | |
# filter = apache-wordpress | |
# port = http,https | |
# banaction = iptables-allports | |
# bantime = 525600 | |
# logpath = /home/*/www/*/logs/*custom_log | |
# maxretry = 1 | |
[Definition] | |
failregex = ^<HOST> -.*"POST /wp-content/uploads.*\.php HTTP.*$ | |
ignoreregex = |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment