-
-
Save jas8522/f638d8e3192a0e44ebe3849b1c32e45a to your computer and use it in GitHub Desktop.
Fail2Ban WordPress XMLRPC Jail and Filter. Notes: log path is set for Plesk v12+. Adjusted to work with a 'normal' xmlrpc request hit rate and only ban when beyond normal.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ws-wp-xmlrpc] | |
| enabled = true | |
| filter = ws-wp-xmlrpc | |
| action = iptables-multiport[name=wp-xmlrpc, port="http,https"] | |
| logpath = /var/www/vhosts/system/*/logs/*access*log tail | |
| /var/log/httpd/*access_log tail | |
| # If there are 50 hits in 30 seconds (1.66/s), ban the IP for 30 minutes | |
| bantime = 1800 | |
| maxretry = 50 | |
| findtime = 30 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban filter for WordPress XMLRPC | |
| [INCLUDES] | |
| before = common.conf | |
| [Definition] | |
| failregex = ^<HOST>.* "POST .*/xmlrpc\.php.* | |
| # Allow JetPack and FooEvents | |
| ignoreregex = ^<HOST>.*] "POST /xmlrpc\.php?for=jetpack.* | |
| ignoreregex = ^<HOST>.*] "POST /xmlrpc\.php?.*FooEvents_app.* | |
| # Original Rule Author: Gavin Botica |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment