• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Fail2ban not banning

W

Wes

New Pleskian
Hi,

I am having trouble with fail2ban.

Everything is configured correctly except fail2ban isn't banning.

2016-09-30 16:07:12,423 fail2ban.jail [17905]: INFO Jail 'plesk-wordpress' started
2016-09-30 16:07:12,428 fail2ban.jail [17905]: INFO Jail 'xmlrpc' started
2016-09-30 16:07:32,124 fail2ban.filter [17905]: INFO [plesk-wordpress] Found xxx.xxx.xxx.xxx
2016-09-30 16:07:37,872 fail2ban.filter [17905]: INFO [xmlrpc] Found xxx.xxx.xxx.xxx
2016-09-30 16:07:59,391 fail2ban.filter [17905]: INFO [xmlrpc] Found xxx.xxx.xxx.xxx
2016-09-30 16:12:41,074 fail2ban.filter [17905]: INFO [plesk-wordpress] Found xxx.xxx.xxx.xxx

[plesk-wordpress]
enabled = true
filter = plesk-wordpress
action = iptables-multiport[name="plesk-wordpress", port="http,https,7080,7081"]
logpath = /var/www/vhosts/system/*/statistics/logs/access_log
maxretry = 5
 
What is output of following command:

# grep failregex /etc/fail2ban/filter.d/plesk-wordpress.conf

?
 
The output is:

# Option: failregex

failregex = ^<HOST>.* "POST .*/wp-login.php HTTP/.*" 200
 
By default it should be


[plesk-wordpress]
enabled = true
filter = plesk-wordpress
action = iptables-multiport[name="plesk-wordpress", port="http,https,7080,7081"]
logpath = /var/www/vhosts/system/*/logs/*access*log
/var/log/httpd/*access_log
maxretry = 5
 
Hello Wes :)

We've published an article a while ago detailing the process of securing WordPress with Fail2ban. It can be found here - give it a look, perhaps it will shed some light on your conundrum :)
 
You must log in or register to reply here.

Similar threads

F
Issue Fail2ban: Ip addresses are not blocked by Recidive
Replies
14
Views
1K
frg62
F
Gianni
Question My IP in jail fail2ban using plesk
Replies
0
Views
437
Gianni
Gianni
D
Resolved fail2ban blocks IP from all visitors to a website
Replies
3
Views
2K
dicker
D
wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
1K
mizar
mizar
F
Issue Fail2ban error with Almalinux ¿nf_tables?
Replies
1
Views
685
Fede Marsell
F
Back
Top