# Fail2ban is an intrusion prevention framework written in the Python programming language. I've added additional security for unauthorised WP login attempts and SSH security on a non-default port
# IMPORTANT : add your own data or parameters, I make use of double segments [[ your variable ]]. e.g. ssh root@[[ 96.172.44.11 ]] should be replaced with ssh root@888.88.88.88 where "888.88.88.88" is your value, variable etc. I have a habit of using ":::" to indicate line ending and end of paragraph, crazy I know but be warned it's just how I write ::: All notes are for my own use & should you use any it's at your own risk, it's NOT a Tutorial :::
# References
# http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
# https://www.digitalocean.com/community/articles/how-to-protect-ssh-with-fail2ban-on-ubuntu-12-04
# http://www.dp.cx/blog/postfix---fail2ban---win.html
# http://en.wikipedia.org/wiki/Fail2ban
# http://www.imrazor.de/wordpress/?p=875
# Install Fail2Ban
sudo apt-get install fail2ban
# Copy the config. file
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Time to edit
sudo nano /etc/fail2ban/jail.local
# Edit the following lines and save:
destemail = [[ your email address ]]
action = %(action_mwl)s
# [ssh]
enabled = true
# If you have a custom port number add it or leave as is
port = [[ your port number ]]
maxretry = [[ 3 ]]
# [ssh-ddos]
enabled = true
port = [[ your port number ]]
maxretry = [[ 3 ]]
# [apache-noscript]
enabled = true
maxretry = 3
# [vsftpd]
enabled = true
# [postfix]
enabled = false
############################
# Add this at the bottom
############################
[wp-login]
enabled = true
port = http,https
filter = wp-login
# Ban on both ports listed above (the plain iptables action takes a single port)
action = iptables-multiport[name=WP, port="http,https", protocol=tcp]
logpath = /var/log/apache*/*access.log
maxretry = 3
bantime = 3600
findtime = 600
[wp-blog-comment]
enabled = true
port = http,https
filter = wp-blog-comment
logpath = /var/log/apache*/*access.log
maxretry = 1
bantime = 86400
findtime = 600
# Save:
#######################
# UPDATE
#######################
sudo nano /etc/fail2ban/filter.d/postfix.conf
failregex = \[<HOST>\]: SASL PLAIN authentication failed
            reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1
            reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1
            reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1
ignoreregex =
########################
# Create filter for [wp-login]
########################
sudo nano /etc/fail2ban/filter.d/wp-login.conf
[Definition]
# failregex = <HOST>.*] "POST /wp-login.php
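# Matches only POSTs answered with 200: WordPress shows the login form again on a failed login, a successful login is answered with a 302 redirect
failregex = <HOST>.*] "POST\s+/wp-login.php\s+HTTP/1\.."\s+200\s+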
ignoreregex =
########################
# Create filter for [wp-blog-comment]
########################
sudo nano /etc/fail2ban/filter.d/wp-blog-comment.conf
[Definition]
# Matches comment POSTs answered with status 500; change /wordpress/ to the path of your own install
failregex = ^<HOST> -.*"POST /wordpress/wp-comments-post.php HTTP/1\.[01]" 500 [0-9]+
ignoreregex =
######################
# Restart fail2ban
sudo /etc/init.d/fail2ban restart
# Testing
# To test fail2ban, look at the iptables rules and dump the configuration fail2ban has loaded:
sudo iptables -L
sudo fail2ban-client -d
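# Added example (not part of the original notes): a Python sketch that replays the wp-login failregex and the [wp-login] jail's maxretry / findtime over constructed access-log lines, to show which hosts the jail would ban.
# The <HOST> expansion, the function names and the sample lines are assumptions; this is a simplified model, not fail2ban's own matching code.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (an assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# failregex from wp-login.conf above. A 200 reply to the POST is the login
# form shown again (failed login); a successful login is answered with 302.
FAILREGEX = r'<HOST>.*] "POST\s+/wp-login.php\s+HTTP/1\.."\s+200\s+'
MAXRETRY, FINDTIME = 3, 600  # values from the [wp-login] jail

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.9 - - [10/May/2013:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3512
203.0.113.5 - - [10/May/2013:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2100
203.0.113.5 - - [10/May/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512
203.0.113.5 - - [10/May/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3512
203.0.113.5 - - [10/May/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.0" 200 3512
198.51.100.7 - - [10/May/2013:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3512
198.51.100.7 - - [10/May/2013:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3512
198.51.100.7 - - [10/May/2013:10:01:40 +0000] "POST /wp-login.php HTTP/1.1" 302 -
192.0.2.9 - - [10/May/2013:10:08:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3512
192.0.2.9 - - [10/May/2013:10:12:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3512
"""

def match_failures(log_text, failregex=FAILREGEX):
    """Return (host, timestamp) for every line the failregex matches."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    hits = []
    for line in log_text.splitlines():
        m = pattern.search(line)
        if m:
            stamp = re.search(r"\[([^\]]+)\]", line).group(1)
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
            hits.append((m.group("host"), when))
    return hits

def banned_hosts(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Hosts that reach maxretry failures inside a findtime-second window."""
    recent, banned = defaultdict(deque), []
    for host, now in match_failures(log_text):
        window = recent[host]
        window.append(now)
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()  # failure is older than findtime, forget it
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(banned_hosts(SAMPLE_LOG))
```

# On the server itself, fail2ban-regex [[ your access log ]] /etc/fail2ban/filter.d/wp-login.conf runs the real filter over the real log :::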