Last active
March 1, 2016 19:46
-
-
Save trepmal/9928ab0e023087da8a11 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /etc/fail2ban/filter.d/honeypot.conf | |
# | |
# Fail2Ban configuration file | |
# | |
# Author: Charles Lecklider | |
# | |
[INCLUDES] | |
# Read common prefixes. If any customizations available -- read them from | |
# common.local | |
before = common.conf | |
[Definition] | |
_daemon = wordpress | |
# Option: failregex | |
# Notes.: regex to match the password failures messages in the logfile. The | |
# host must be matched by a group named "host". The tag "<HOST>" can | |
# be used for standard IP/hostname matching and is only an alias for | |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) | |
# Values: TEXT | |
# | |
failregex = ^%(__prefix_line)sBot in the Honeypot from <HOST>$ | |
# Option: ignoreregex | |
# Notes.: regex to ignore. If this regex matches, the line is ignored. | |
# Values: TEXT | |
# | |
ignoreregex = |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# append to jail.local | |
[honeypot] | |
enabled = true | |
filter = honeypot | |
action = iptables-multiport[name=wordpress,port="80,443"] | |
logpath = /var/log/auth.log | |
maxretry = 2 | |
findtime = 300 | |
bantime = 43200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* Plugin Name: Simple Honeypot | |
* Description: Basic honeypot for comment form with fail2ban integration. Requires: https://wordpress.org/plugins/wp-fail2ban/ | |
* Author: Kailey Lampert | |
* Author URI: kaileylampert.com | |
* Version: 0.1 | |
* License: GPLv2 or later | |
*/ | |
function sh_comment_form_after_fields() { | |
$name = 'sh'; | |
$field = "<span style='display: none; '><input type='text' name='$name' /></span>"; | |
echo apply_filters( 'honeypot_field', $field, $name ); | |
} | |
add_action( 'comment_form_after_fields', 'sh_comment_form_after_fields' ); | |
function sh_pre_comment_on_post( $comment_post_ID ) { | |
if ( isset( $_POST['sh'] ) && ! empty( $_POST['sh'] ) ) { | |
\org\lecklider\charles\wp_fail2ban\openlog(); | |
$remote_addr = \org\lecklider\charles\wp_fail2ban\remote_addr(); | |
syslog( LOG_NOTICE, "Bot in the Honeypot from $remote_addr" ); | |
\org\lecklider\charles\wp_fail2ban\bail(); | |
} | |
} | |
add_action( 'pre_comment_on_post', 'sh_pre_comment_on_post' ); | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment