Fail2Ban Wordpress jail issues

Chris1

Chris1

Regular Pleskian
Hello,

I have a custom jail set up to match the following:

Code: 
failregex = <HOST>.*] "POST /wp-login.php

This does work however it seems that when it is running on a server with ~300 domains it struggles to ban IP's efficiently.

Log path is set to:

Code: 
logpath = /var/www/vhosts/system/*/logs/access_log

A warning appears in the Fail2Ban section that states:

Code: 
Warning: Fail2Ban might not work well if there are many domains and Fail2Ban has to monitor too many log files.

As the "*" would be making it scan ~300 log files, is there a more efficient way of scanning for Wordpress login attempts?

Even though I have it set to 5 attempts before being banned, it can sometimes take up to 30-60 minutes to ban the offending IP even if they are brute forcing with an attempt every second.

Kind regards,
Chris
 
Hi,

I can't help you with getting fail2ban to work any better with ~300 domains, however -- I use a similar filter for failed WP logins and use this failregex:

Code: 
failregex = ^<HOST>.*] "POST /wp-login.php HTTP/.*" 200

I think with your filter as it is, you would be catching ALL posts to wp-login.php, rather than just failed logins. A successful login does a 302 redirect, and failed login does a 200.
 
You must log in or register to reply here.

Similar threads

J
fail2ban: plesk-wordpress jail is to restrictive
Replies
1
Views
6K
Kaspar@Plesk
Kaspar@Plesk
brother4
Question Why isn't xmlrpc.php monitored by the WordPress jail in Fail2Ban?
Replies
8
Views
2K
Maarten
M
andreios
Issue Fail2ban WordPress login detection doesn't work and fail2ban couldn't be configured trough Plesk
Replies
2
Views
1K
andreios
andreios
S
Issue Filter for plesk-wordpress jail does not work, any ideas?
Replies
1
Views
1K
AYamshanov
AYamshanov
wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
2K
mizar
mizar
Back
Top