Resolved fail2ban and Magento

CoyoteKG

Regular Pleskian
Hi,
I searched to see whether someone had written about this here on the forum, but I did not find anything.

I found a Magento guide on how to set it up, and I did it.
I entered the wrong password 5 times, but was not banned.

This is the jail
Code:
[magento]
enabled = true
filter = magento
action = iptables-allports[chain="INPUT", name="default", port="ssh", protocol="tcp", blocktype="REJECT --reject-with icmp-port-unreachable"]
         sendmail[dest="[email protected]", sender="fail2ban", sendername="Fail2Ban", name="default"]
logpath = /var/www/vhosts/*/logs/access_*log
maxretry = 2

and this is the filter
Code:
[Definition]
# Use this for "soft" bad behaviour, as the source will only be banned after multiple retries.
failregex = ^<HOST> .+"POST \S+(/downloader/|/downloader/index.php\?A=loggedin|/admin/index/|/admin/)\s
ignoreregex =

I also tried with
Code:
[Definition]
# Use this for "soft" bad behaviour, as the source will only be banned after multiple retries.
failregex = ^<HOST> .+"POST \S+wp-login.php
            ^<HOST> .+"(POST|GET) \S+/etc/passwd
            ^<HOST> .+"POST \S+(/downloader/|/downloader/index.php\?A=loggedin|/admin/index/|/admin/)\s
ignoreregex =

and I appended something similar to the WP jail, just like this, because I found it in the access logs
Code:
^<HOST> .* "POST .*/admin HTTP/.*" 200
but again without success.

In the fail2ban logs, I see that fail2ban added those logs that I need, and I saw that fail2ban was restarted, but I was not banned.
 
Hi,
again I'm talking to myself :).

I fixed it, but for now I don't know how.
I just edited two things.

I added 2 more log file paths, so the jail is now
Code:
[magento]
enabled = true
filter = magento
action = iptables-allports[chain="INPUT", name="default", port="ssh", protocol="tcp", blocktype="REJECT --reject-with icmp-port-unreachable"]
         sendmail[dest="[email protected]", sender="fail2ban", sendername="Fail2Ban", name="default"]
logpath = /var/www/vhosts/*/logs/access_*log
          /var/www/vhosts/system/*/logs/*access*log
          /var/log/apache2/*access.log
maxretry = 3

And I edited the filter.
Now it is
Code:
[Definition]
failregex = ^<HOST> .+"POST \S+wp-login.php
    ^<HOST> .+"(POST|GET) \S+/etc/passwd
    ^<HOST> .+"POST \S+(/downloader/|/downloader/index.php\?A=loggedin|/admin/index/|/admin/)\s
    ^<HOST>.* "POST .*/admin HTTP/.*" 200
ignoreregex =

I edited that third filter and deleted the space between HOST and ".". I don't know if it works now because of that, because I could not test it.
With every fail2ban change, I was too impatient to wait 20 minutes, and tried to test the login. And I was able to enter the wrong password 10 times without a ban.
And after 20 minutes, when fail2ban had read the logs, it banned that IP.
Maybe because one of our sites has, from this morning until now, more than 250000 records. It needs time to read them...

So, now it works. Later, if I find time, I'll try to delete the paths and edit the filter, just to see if it still works.
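
An offline check of the final filter above, as an added example that is not part of the original posts: it applies the thread's four failregex lines to constructed access-log lines and counts hits per IP against maxretry. The IPv4-only `<HOST>` pattern, the sample lines and the function names are assumptions; fail2ban's findtime and timestamp handling are not modelled.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The four failregex lines from the final filter in the thread, unchanged.
FAILREGEX = [
    r'^<HOST> .+"POST \S+wp-login.php',
    r'^<HOST> .+"(POST|GET) \S+/etc/passwd',
    r'^<HOST> .+"POST \S+(/downloader/|/downloader/index.php\?A=loggedin|/admin/index/|/admin/)\s',
    r'^<HOST>.* "POST .*/admin HTTP/.*" 200',
]
COMPILED = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]

# Constructed access-log lines (combined format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:00:01 +0100] "POST /index.php/admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:05 +0100] "POST /admin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:09 +0100] "POST /index.php/admin/index/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:12 +0100] "POST /admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jan/2025:10:01:00 +0100] "POST /admin HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jan/2025:10:01:02 +0100] "GET /admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Jan/2025:10:02:00 +0100] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
"""


def match_line(line):
    """Return (host, index of the first matching failregex), or None."""
    for index, rx in enumerate(COMPILED):
        m = rx.search(line)
        if m:
            return m.group("host"), index
    return None


def hosts_over_maxretry(lines, maxretry=3):
    """Hosts with at least maxretry matching lines (findtime is ignored here)."""
    hits = Counter()
    for line in lines:
        found = match_line(line)
        if found:
            hits[found[0]] += 1
    return sorted(host for host, count in hits.items() if count >= maxretry)


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(match_line(line), "<-", line.split('"')[1])
    print("would be banned:", hosts_over_maxretry(SAMPLE_LOG.splitlines()))
```

In the output, a POST to `/admin/` at the site root matches none of the four patterns, because `\S+` needs at least one character before `/admin/` and the last pattern expects `/admin` without a trailing slash. On the server itself, `fail2ban-regex <logfile> <filter file>` runs the real filter against the real log.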
 