Stop/Block Apache/Nginx hack attempts with fail2ban


Here is a quick post on how to stop hack attempts against your WordPress web server, such as wp-login brute-force and xmlrpc exploit attacks.

First of all, install the package “fail2ban“:

sudo apt-get install fail2ban

Then add these two rules to your jail file at /etc/fail2ban/jail.conf:

[web-xmlrpc]
enabled = true
port = http,https
filter = web-xmlrpc
logpath = /var/log/nginx/*access.log
maxretry = 6

[web-wplogin]
enabled = true
port = http,https
filter = web-wplogin
logpath = /var/log/nginx/*access.log
maxretry = 2
bantime = 86400
findtime = 600

Please change the logpath to match the location of your web server's access logs.

Now add two files in /etc/fail2ban/filter.d, named web-wplogin.conf and web-xmlrpc.conf, containing respectively:

[Definition]
failregex = ^<HOST>\ \-.*\"POST\ \/wp-login.php HTTP\/1\..*\"
ignoreregex =

and

[Definition]
failregex = ^<HOST> .*POST .*xmlrpc\.php.*
ignoreregex =

Restart fail2ban and wait. In the meantime, you can tail the log:

tail -f /var/log/fail2ban.log

If you wanna check or manage the bans you can play with the fail2ban-client command.
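
As an added example (not part of the original post), the Python sketch below runs the two failregex patterns over constructed access-log lines and counts matches per host against each jail's maxretry. It assumes the patterns carry fail2ban's `<HOST>` tag, substitutes a simplified IPv4-only group for it, and ignores findtime; the function names and sample lines are made up for the illustration.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real expansion also covers IPv6 and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex lines from the filters, with the <HOST> tag in place,
# paired with the maxretry value of the matching jail.
FILTERS = {
    "web-wplogin": (r'^<HOST>\ \-.*\"POST\ \/wp-login.php HTTP\/1\..*\"', 2),
    "web-xmlrpc": (r"^<HOST> .*POST .*xmlrpc\.php.*", 6),
}

# Constructed nginx "combined" access log lines (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Mar/2014:10:23:25 +0100] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2014:10:23:26 +0100] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.4 - - [02/Mar/2014:10:23:27 +0100] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
198.51.100.9 - - [02/Mar/2014:10:23:28 +0100] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
198.51.100.4 - - [02/Mar/2014:10:23:29 +0100] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
""".splitlines()


def count_failures(failregex, lines):
    """Return a Counter of host -> number of lines matching failregex."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    hits = Counter()
    for line in lines:
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def would_ban(jail, lines):
    """Hosts whose match count reaches the jail's maxretry (findtime ignored)."""
    failregex, maxretry = FILTERS[jail]
    counts = count_failures(failregex, lines)
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for jail, (failregex, _) in FILTERS.items():
        print(jail, dict(count_failures(failregex, SAMPLE_LOG)), would_ban(jail, SAMPLE_LOG))
```

On a host with fail2ban installed, `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/web-wplogin.conf` runs the same check with the real matcher against your own log.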

Have fun.


One Response to “Stop/Block Apache/Nginx hack attempts with fail2ban”
  1. Nginx + Fail2ban Blocking IP behind AWS Load Balancer
    12:51 on August 1st, 2014

    […] configure it to catch and ban your malicious hosts, you can find useful information how to block hosts with fail2ban in this post I wrote months […]
