Are they even allowed to do that?

From /var/log/auth.log:

Dec 7 21:25:35 big wordpress(rainer.sokoll.com)[4373]: XML-RPC authentication failure for rainer from 85.204.246.240
Dec 7 21:25:40 big wordpress(rainer.sokoll.com)[4373]: XML-RPC authentication failure for moritz from 85.204.246.240
Dec 7 21:26:00 big wordpress(rainer.sokoll.com)[3981]: XML-RPC authentication failure for rainer from 85.204.246.240
Dec 7 21:26:02 big wordpress(rainer.sokoll.com)[3981]: XML-RPC authentication failure for moritz from 85.204.246.240
Dec 7 21:26:24 big wordpress(rainer.sokoll.com)[4373]: XML-RPC authentication failure for rainer from 85.204.246.240
Dec 7 21:26:46 big wordpress(rainer.sokoll.com)[4778]: XML-RPC authentication failure for moritz from 85.204.246.240
Dec 7 21:27:18 big wordpress(rainer.sokoll.com)[4373]: XML-RPC authentication failure for rainer from 85.204.246.240
Dec 7 21:27:58 big wordpress(rainer.sokoll.com)[4373]: XML-RPC authentication failure for moritz from 85.204.246.240
Dec 7 21:28:19 big wordpress(rainer.sokoll.com)[3981]: XML-RPC authentication failure for rainer from 85.204.246.240

That is pretty mean, of course. Oh well:

root@big:/etc/fail2ban# tail -8 jail.local
[wordpress]
enabled = true
port = http,https
logpath = /var/log/auth.log
bantime = 600
findtime = 60
maxretry = 1
filter = wordpress

in combination with

root@big:/etc/fail2ban# cat filter.d/wordpress.conf
[Definition]

failregex = ^.*wordpress.*authentication failure for.* from <HOST>$
root@big:/etc/fail2ban#

takes care of it:

root@big:/etc/fail2ban# grep wordpress /var/log/fail2ban.log
2019-12-07 21:28:24,934 fail2ban.jail [23280]: INFO Creating new jail 'wordpress'
2019-12-07 21:28:24,936 fail2ban.jail [23280]: INFO Jail 'wordpress' uses poller {}
2019-12-07 21:28:24,965 fail2ban.jail [23280]: INFO Jail 'wordpress' started
2019-12-07 21:28:24,982 fail2ban.filter [23280]: INFO [wordpress] Found 85.204.246.240 - 2019-12-07 21:27:58
2019-12-07 21:28:24,983 fail2ban.filter [23280]: INFO [wordpress] Found 85.204.246.240 - 2019-12-07 21:28:19
2019-12-07 21:28:25,166 fail2ban.actions [23280]: NOTICE [wordpress] Ban 85.204.246.240
2019-12-07 21:38:19,996 fail2ban.actions [23280]: NOTICE [wordpress] Unban 85.204.246.240
root@big:/etc/fail2ban#

🙂
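
An added example, not code from the original post or from fail2ban: a simplified Python model of how the failregex together with findtime and maxretry selects log lines at the moment the jail starts, consistent with only the 21:27:58 and 21:28:19 entries appearing as Found above. Assumptions: IPv4 only, the year fixed to 2019, and the names parse and hosts_to_ban are made up for illustration.

```python
import re
from datetime import datetime, timedelta

# failregex from filter.d/wordpress.conf. Assumption: <HOST> is replaced by a
# plain IPv4 group; fail2ban's own <HOST> also accepts IPv6 and hostnames.
FAILREGEX = re.compile(
    r"^.*wordpress.*authentication failure for.* from "
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})$"
)
FINDTIME = 60  # seconds, from jail.local
MAXRETRY = 1   # from jail.local

# Last four lines of the auth.log excerpt, plus one constructed sshd line
# that the filter must not match.
SAMPLE = [
    "Dec 7 21:26:46 big wordpress(rainer.sokoll.com)[4778]: XML-RPC authentication failure for moritz from 85.204.246.240",
    "Dec 7 21:27:18 big wordpress(rainer.sokoll.com)[4373]: XML-RPC authentication failure for rainer from 85.204.246.240",
    "Dec 7 21:27:58 big wordpress(rainer.sokoll.com)[4373]: XML-RPC authentication failure for moritz from 85.204.246.240",
    "Dec 7 21:28:19 big wordpress(rainer.sokoll.com)[3981]: XML-RPC authentication failure for rainer from 85.204.246.240",
    "Dec 7 21:28:20 big sshd[999]: Accepted publickey for root from 192.0.2.10",  # constructed
]


def parse(line, year=2019):
    """Return (timestamp, host) if the line matches the failregex, else None."""
    m = FAILREGEX.match(line)
    if m is None:
        return None
    stamp = " ".join(line.split()[:3])  # e.g. "Dec 7 21:27:58"
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"), m["host"]


def hosts_to_ban(lines, now):
    """Hosts with at least MAXRETRY matches within FINDTIME seconds before now."""
    window = timedelta(seconds=FINDTIME)
    counts = {}
    for line in lines:
        hit = parse(line)
        if hit and timedelta(0) <= now - hit[0] <= window:
            counts[hit[1]] = counts.get(hit[1], 0) + 1
    return {host: n for host, n in counts.items() if n >= MAXRETRY}


if __name__ == "__main__":
    # Jail start time taken from the fail2ban.log excerpt above.
    print(hosts_to_ban(SAMPLE, datetime(2019, 12, 7, 21, 28, 24)))
```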
