Resolved plesk wordpress jail flaw

Dork · Jun 3, 2023

The wordpress jail treats a perl script as a wordpress object

Peter Debik · Jun 3, 2023

The Wordpress jail reacts on failed Wordpress logins. If your Perl script is named like the Wordpress login and shows a similar behavior then yes, the jail will react.

Dork · Jun 7, 2023

Peter Debik said:
The Wordpress jail reacts on failed Wordpress logins. If your Perl script is named like the Wordpress login and shows a similar behavior then yes, the jail will react.

But Perl files use the extension pl and PHP files the extension php

Kaspar · Jun 7, 2023

I assume you mean the fail2ban jail?

The Wordpress fail2ban filter should (by default) not act on anything other than post requests to a file named wp-login.php. That being said, it depends on what your Perl script does. If it's action matches the fail2ban filter it is possible that the jail gets triggerd.

Post your fail2ban Wordpress rule and filter and an excerpt that contains access entries of the perl script from the access log if you want me to take a more in dept look.

Dork · Jun 7, 2023

Kaspar said:
I assume you mean the fail2ban jail?

The Wordpress fail2ban filter should (by default) not act on anything other than post requests to a file named wp-login.php. That being said, it depends on what your Perl script does. If it's action matches the fail2ban filter it is possible that the jail gets triggerd.

Post your fail2ban Wordpress rule and filter and an excerpt that contains access entries of the perl script from the access log if you want me to take a more in dept look.

Thanks for your explaination.
It is always a get request and the f2b action came as a result of the http error code 504 (line of the errorlog file)
So I think that I can forget it.

Resolved plesk wordpress jail flaw

Dork

Regular Pleskian

Peter Debik

Community Manager until 3/2024

Dork

Regular Pleskian

Kaspar

API expert

Dork

Regular Pleskian

Similar threads