Skip to content

Instantly share code, notes, and snippets.

@guilhermevini
Created August 15, 2017 19:53
Show Gist options
  • Save guilhermevini/792b79178a825704644a9c0bcddd0489 to your computer and use it in GitHub Desktop.
Save guilhermevini/792b79178a825704644a9c0bcddd0489 to your computer and use it in GitHub Desktop.
block flooded wp
# cat /etc/fail2ban/action.d/ufw.conf
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip>
actionunban = ufw delete deny from <ip>
# cat /etc/fail2ban/filter.d/xmlrpc.conf
[Definition]
failregex = ^\S* <HOST> .*POST .*xmlrpc\.php.*
ignoreregex =
# cat /etc/fail2ban/filter.d/wp-login.conf
[Definition]
failregex = ^\S* <HOST> .*POST .*wp-login\.php.*
ignoreregex =
# cat /etc/fail2ban/jail.d/xmlrpc.conf
[xmlrpc]
enabled = true
filter = xmlrpc
action = ufw
logpath = /var/log/apache2/other_vhosts_access.log
bantime = 43200
maxretry = 2
# cat /etc/fail2ban/jail.d/wp-login.conf
[wp-login]
enabled = true
filter = xmlrpc
action = ufw
logpath = /var/log/apache2/other_vhosts_access.log
bantime = 600
maxretry = 6
findtime = 60
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment