Stop/Block Apache/Nginx hack attempts with fail2ban
Here is a quick post on stopping hack attempts against your WordPress web server, such as wp-login brute-force and xmlrpc exploit attacks.
First of all, install the package "fail2ban":
sudo apt-get install fail2ban
Then add these two rules to your jail file at /etc/fail2ban/jail.conf:
[web-xmlrpc]
enabled = true
port = http,https
# the filter name must match the file name in /etc/fail2ban/filter.d (without .conf)
filter = web-xmlrpc
logpath = /var/log/nginx/*access.log
maxretry = 6

[web-wplogin]
enabled = true
port = http,https
filter = web-wplogin
logpath = /var/log/nginx/*access.log
maxretry = 2
# ban for 86400 seconds (24 hours) after maxretry matches within 600 seconds
bantime = 86400
findtime = 600
Change the logpath to match your web server's access logs.
Now add two files in /etc/fail2ban/filter.d, web-wplogin.conf and web-xmlrpc.conf, containing respectively:
[Definition]
# <HOST> marks where fail2ban reads the client address on the log line
failregex = ^<HOST>\ \-.*\"POST\ \/wp-login.php HTTP\/1\..*\"
ignoreregex =
and
[Definition]
failregex = ^<HOST> .*POST .*xmlrpc\.php.*
ignoreregex =
Restart fail2ban and wait; in the meantime you can tail the log:
tail -f /var/log/fail2ban.log
If you wanna check or manage the bans you can play with the fail2ban-client command.
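To see which access-log lines the two filters count before relying on them, the following added example (not part of the original post) runs both failregex patterns, written with fail2ban's `<HOST>` tag, over constructed nginx log lines and applies the jails' maxretry and findtime. The IPv4-only `<HOST>` substitute, the `simulate` helper, the sample lines and the 600-second findtime for web-xmlrpc are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption of this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FILTERS = {
    "web-wplogin": r'^<HOST>\ \-.*\"POST\ \/wp-login.php HTTP\/1\..*\"',
    "web-xmlrpc": r"^<HOST> .*POST .*xmlrpc\.php.*",
}
# (maxretry, findtime in seconds) per jail; web-xmlrpc sets no findtime, 600 is assumed.
JAILS = {"web-wplogin": (2, 600), "web-xmlrpc": (6, 600)}
COMPILED = {n: re.compile(p.replace("<HOST>", HOST)) for n, p in FILTERS.items()}
TIMESTAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) ")

# Constructed nginx access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2014:12:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [01/Aug/2014:12:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.9 - - [01/Aug/2014:12:00:06 +0000] "GET /wp-login.php HTTP/1.1" 200 2810 "-" "-"
198.51.100.9 - - [01/Aug/2014:12:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
198.51.100.9 - - [01/Aug/2014:12:20:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
""" + "".join(
    f'192.0.2.44 - - [01/Aug/2014:12:30:{s:02d} +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"\n'
    for s in range(6)
)


def simulate(log_text):
    """Return {jail: hosts that reach maxretry matching lines within findtime}."""
    hits = {name: {} for name in FILTERS}
    banned = {name: set() for name in FILTERS}
    for line in log_text.splitlines():
        stamp = TIMESTAMP.search(line)
        if not stamp:
            continue
        when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S")
        for name, pattern in COMPILED.items():
            match = pattern.search(line)
            if not match:
                continue
            maxretry, findtime = JAILS[name]
            recent = [t for t in hits[name].get(match["host"], [])
                      if when - t <= timedelta(seconds=findtime)] + [when]
            hits[name][match["host"]] = recent
            if len(recent) >= maxretry:
                banned[name].add(match["host"])
    return banned


if __name__ == "__main__":
    for jail, hosts in simulate(SAMPLE_LOG).items():
        print(jail, sorted(hosts))
```

The 302 lines show that the wp-login pattern counts every POST regardless of response status, so with maxretry = 2 a legitimate user who logs in twice within ten minutes is banned as well. On a host with fail2ban installed, `fail2ban-regex <logfile> /etc/fail2ban/filter.d/web-wplogin.conf` runs the real filter against your own log.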
Have fun.