- Server operating system version
- Debian 12
- Plesk version and microupdate number
- 18.0.61
Hi,
It seems the default installation of fail2ban does not work to block wordpress logins.
For example, this is the log of one of our wordpress sites:
And many more lines. However the IP is not blocked by the wordpress jail (or any other jail) So I assume this jail is not working. I didn´t change the filter of the jail:
And didn´t touched anything in the jail itself.
So, can anybody please tell me how to tuning this in order to work?
Thank you
It seems the default installation of fail2ban does not work to block wordpress logins.
For example, this is the log of one of our wordpress sites:
/var/www/vhosts/domain.es/logs/access_ssl_log:5.42.105.193 - - [31/May/2024:10:38:57 +0200] "POST /wp-login.php HTTP/1.0" 200 9869 "https://domain.es/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0"
/var/www/vhosts/domain.es/logs/access_ssl_log:5.42.105.193 - - [31/May/2024:10:38:57 +0200] "POST /wp-login.php HTTP/1.0" 200 9869 "https://domain.es/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0"
/var/www/vhosts/domain.es/logs/access_ssl_log:5.42.105.193 - - [31/May/2024:10:38:57 +0200] "POST /wp-login.php HTTP/1.0" 200 9869 "https://domain.es/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0"
/var/www/vhosts/domain.es/logs/access_ssl_log:5.42.105.193 - - [31/May/2024:10:38:57 +0200] "POST /wp-login.php HTTP/1.0" 200 9869 "https://domain.es/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0"
/var/www/vhosts/domain.es/logs/access_ssl_log:5.42.105.193 - - [31/May/2024:10:38:57 +0200] "POST /wp-login.php HTTP/1.0" 200 9869 "https://domain.es/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0"
And many more lines. However the IP is not blocked by the wordpress jail (or any other jail) So I assume this jail is not working. I didn´t change the filter of the jail:
[Definition]
failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200
ignoreregex =
And didn´t touched anything in the jail itself.
So, can anybody please tell me how to tuning this in order to work?
Thank you