• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Fail2Ban Wordpress jail issues

Chris1

Regular Pleskian
Hello,

I have a custom jail set up to match the following:

Code:
failregex = <HOST>.*] "POST /wp-login.php

This does work however it seems that when it is running on a server with ~300 domains it struggles to ban IP's efficiently.

Log path is set to:

Code:
logpath = /var/www/vhosts/system/*/logs/access_log

A warning appears in the Fail2Ban section that states:

Code:
Warning: Fail2Ban might not work well if there are many domains and Fail2Ban has to monitor too many log files.

As the "*" would be making it scan ~300 log files, is there a more efficient way of scanning for Wordpress login attempts?

Even though I have it set to 5 attempts before being banned, it can sometimes take up to 30-60 minutes to ban the offending IP even if they are brute forcing with an attempt every second.

Kind regards,
Chris
 
Hi,

I can't help you with getting fail2ban to work any better with ~300 domains, however -- I use a similar filter for failed WP logins and use this failregex:

Code:
failregex = ^<HOST>.*] "POST /wp-login.php HTTP/.*" 200

I think with your filter as it is, you would be catching ALL posts to wp-login.php, rather than just failed logins. A successful login does a 302 redirect, and failed login does a 200.
 
Back
Top