Resolved Fail2ban not banning

[Wes]

Hi,

I am having trouble with fail2ban.

Everything is configured correctly except fail2ban isn't banning.

2016-09-30 16:07:12,423 fail2ban.jail [17905]: INFO Jail 'plesk-wordpress' started
2016-09-30 16:07:12,428 fail2ban.jail [17905]: INFO Jail 'xmlrpc' started
2016-09-30 16:07:32,124 fail2ban.filter [17905]: INFO [plesk-wordpress] Found xxx.xxx.xxx.xxx
2016-09-30 16:07:37,872 fail2ban.filter [17905]: INFO [xmlrpc] Found xxx.xxx.xxx.xxx
2016-09-30 16:07:59,391 fail2ban.filter [17905]: INFO [xmlrpc] Found xxx.xxx.xxx.xxx
2016-09-30 16:12:41,074 fail2ban.filter [17905]: INFO [plesk-wordpress] Found xxx.xxx.xxx.xxx

[plesk-wordpress]
enabled = true
filter = plesk-wordpress
action = iptables-multiport[name="plesk-wordpress", port="http,https,7080,7081"]
logpath = /var/www/vhosts/system/*/statistics/logs/access_log
maxretry = 5

 

[IgorG]

What is output of following command:

# grep failregex /etc/fail2ban/filter.d/plesk-wordpress.conf

?

 

[Wes]

The output is:

# Option: failregex

failregex = ^<HOST>.* "POST .*/wp-login.php HTTP/.*" 200

 

[IgorG]

By default it should be


[plesk-wordpress]
enabled = true
filter = plesk-wordpress
action = iptables-multiport[name="plesk-wordpress", port="http,https,7080,7081"]
logpath = /var/www/vhosts/system/*/logs/*access*log
/var/log/httpd/*access_log
maxretry = 5

 

[Wes]

Even if i reset the jail to default fail2ban isn't banning the ip's he found.

 

[modronmarch]

Hello Wes

We've published an article a while ago detailing the process of securing WordPress with Fail2ban. It can be found here - give it a look, perhaps it will shed some light on your conundrum

 

[Wes]

It works thank you for the support