Resolved fail2ban and Magento

CoyoteKG

Regular Pleskian
Hi,
I searched to see if someone had written about this here on the forum, but I did not find anything.

I found a Magento guide on how to set it up, and I did it.
I got the password wrong 5 times, but I was not banned.
This is the jail
Code:
[magento]
enabled = true
filter = magento
action = iptables-allports[chain="INPUT", name="default", port="ssh", protocol="tcp", blocktype="REJECT --reject-with icmp-port-unreachable"]
         sendmail[dest="[email protected]", sender="fail2ban", sendername="Fail2Ban", name="default"]
logpath = /var/www/vhosts/*/logs/access_*log
maxretry = 2

and this is the filter
Code:
[Definition]
# Use this for "soft" bad behaviour, as the source will only be banned after multiple retries.
failregex = ^<HOST> .+"POST \S+(/downloader/|/downloader/index.php\?A=loggedin|/admin/index/|/admin/)\s
ignoreregex =

I also tried with
Code:
[Definition]
# Use this for "soft" bad behaviour, as the source will only be banned after multiple retries.
failregex = ^<HOST> .+"POST \S+wp-login.php
            ^<HOST> .+"(POST|GET) \S+/etc/passwd
            ^<HOST> .+"POST \S+(/downloader/|/downloader/index.php\?A=loggedin|/admin/index/|/admin/)\s
ignoreregex =

and I appended something similar to the WP jail, just like this, because I found it in the access logs
Code:
^<HOST> .* "POST .*/admin HTTP/.*" 200
but again without success.

In the fail2ban logs, I see that fail2ban added the log files that I need, and I saw that fail2ban was restarted, but I was not banned.
 
Hi,
again I'm talking to myself :).

I fixed it, but for now I don't know how.
I just edited two things.

I added 2 more log file paths, so the jail is now
Code:
[magento]
enabled = true
filter = magento
action = iptables-allports[chain="INPUT", name="default", port="ssh", protocol="tcp", blocktype="REJECT --reject-with icmp-port-unreachable"]
         sendmail[dest="[email protected]", sender="fail2ban", sendername="Fail2Ban", name="default"]
logpath = /var/www/vhosts/*/logs/access_*log
          /var/www/vhosts/system/*/logs/*access*log
          /var/log/apache2/*access.log
maxretry = 3

And I edited the filter.
Now it is
Code:
[Definition]
failregex = ^<HOST> .+"POST \S+wp-login.php
    ^<HOST> .+"(POST|GET) \S+/etc/passwd
    ^<HOST> .+"POST \S+(/downloader/|/downloader/index.php\?A=loggedin|/admin/index/|/admin/)\s
    ^<HOST>.* "POST .*/admin HTTP/.*" 200
ignoreregex =

I edited that third filter and deleted the space between HOST and ".". I don't know if it works now because of that, because I could not test it.
After every fail2ban change, I was too impatient to wait 20 minutes and tried to test the login. And I was able to get the password wrong 10 times without a ban.
And after 20 minutes, when fail2ban had read the logs, it banned that IP.
Maybe because one of our sites has had more than 250000 records from this morning until now. It needs time to read them...

So, now it works. Later, if I find time, I'll try to delete the paths and edit the filter, just to see if it still works.
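To see which access-log lines the filter above actually catches without restarting fail2ban and waiting for it to churn through a large log, the four failregex lines can be replayed offline. The script below is an added example, not code from the thread or from fail2ban itself; it substitutes a simplified `(?P<host>\S+)` for fail2ban's `<HOST>` tag (an assumption, fail2ban's real expansion also covers IPv6 forms) and runs the patterns over constructed sample lines in Apache combined-log format. One thing it makes visible: the third pattern requires at least one non-space character (the `\S+`) between `POST ` and `/admin/` or `/downloader/`, so a bare `POST /admin/` or `POST /downloader/` request never matches it, while `POST /index.php/admin/` does; and the fourth pattern only matches `/admin` without a trailing slash and only when the response was 200.

```python
"""Replay the thread's failregex list over access-log lines, offline.

Added example (not from the forum post or from fail2ban): it mimics what
fail2ban does when it scans a logpath, so you can see which lines a filter
catches before restarting the daemon.
"""
import re
from collections import Counter

# Stand-in for fail2ban's <HOST> tag. The real expansion is more elaborate
# (IPv6, "::ffff:" prefixes); this simplification is an assumption for the demo.
HOST_RE = r"(?P<host>\S+)"

# The four failregex lines from the final filter in the thread, verbatim.
FAILREGEX = [
    r'^<HOST> .+"POST \S+wp-login.php',
    r'^<HOST> .+"(POST|GET) \S+/etc/passwd',
    r'^<HOST> .+"POST \S+(/downloader/|/downloader/index.php\?A=loggedin|/admin/index/|/admin/)\s',
    r'^<HOST>.* "POST .*/admin HTTP/.*" 200',
]
COMPILED = [re.compile(p.replace("<HOST>", HOST_RE)) for p in FAILREGEX]

# Constructed sample lines in Apache combined-log format (not real traffic).
# fail2ban does its own timestamp handling before matching; the .+ / .* in the
# patterns above tolerate the timestamp being present, as it is here.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2024:10:00:01 +0100] "POST /index.php/admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Mar/2024:10:00:05 +0100] "POST /admin/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Mar/2024:10:00:09 +0100] "POST /admin HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Mar/2024:10:00:12 +0100] "GET /index.php?file=../../etc/passwd HTTP/1.1" 404 210 "-" "curl/8.0"',
    '192.0.2.9 - - [01/Mar/2024:10:00:20 +0100] "POST /wp-login.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [01/Mar/2024:10:00:30 +0100] "GET /wp-login.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Mar/2024:10:00:40 +0100] "POST /downloader/ HTTP/1.1" 200 800 "-" "Mozilla/5.0"',
]


def match_line(line):
    """Return (host, index of the first failregex that matches) or (None, None)."""
    for i, rx in enumerate(COMPILED):
        m = rx.search(line)
        if m:
            return m.group("host"), i
    return None, None


def failures_per_host(lines):
    """Count matching lines per source host, like fail2ban's failure counter."""
    counts = Counter()
    for line in lines:
        host, _ = match_line(line)
        if host is not None:
            counts[host] += 1
    return counts


def banned_hosts(lines, maxretry):
    """Hosts that reach maxretry failures (findtime is ignored in this replay)."""
    return sorted(h for h, n in failures_per_host(lines).items() if n >= maxretry)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        host, idx = match_line(line)
        tag = f"regex {idx}" if idx is not None else "no match"
        print(f"{tag:>8}  {line[:80]}")
    print("failures per host:", dict(failures_per_host(SAMPLE_LOG)))
    print("banned with maxretry=3:", banned_hosts(SAMPLE_LOG, 3))
    print("banned with maxretry=2:", banned_hosts(SAMPLE_LOG, 2))
```

On the server itself the equivalent check is fail2ban's own tester, run against a real log and the filter file, for example `fail2ban-regex /var/www/vhosts/example.com/logs/access_log /etc/fail2ban/filter.d/magento.conf` (the vhost name and filter path are assumptions; adjust to your layout). It prints how many lines each failregex matched, which is a quicker way to find out whether a jail will ever fire than restarting the daemon and waiting for it to read a 250000-line log. `fail2ban-client status magento` then shows the jail's current ban list.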