Page 1 of 1

Fail2ban + WP Fail2Ban Redux

Posted: Mon Oct 08, 2018 3:34 pm
by augustocarmo
Hello, I'm tryinf to configure Fail2ban in my server. I downloaded the plugin WP Fail2Ban Redux, and followed the instalation procedure found here: https://github.com/thebrandonallen/wp-fail2ban-redux

When I restarted the server I got a error in the log:

Code: Select all

2018-10-08 11:39:16,001 fail2ban.action         [16540]: ERROR   ipset create fail2ban-wordpress hash:ip timeout 600
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-wordpress src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2018-10-08 11:39:16,001 fail2ban.action         [16540]: ERROR   ipset create fail2ban-wordpress hash:ip timeout 600
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-wordpress src -j REJECT --reject-with icmp-port-unreachable -- stderr: 'FirewallD is not running\n'
2018-10-08 11:39:16,001 fail2ban.action         [16540]: ERROR   ipset create fail2ban-wordpress hash:ip timeout 600
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-wordpress src -j REJECT --reject-with icmp-port-unreachable -- killed with signal 124 (return code: 252)
2018-10-08 11:39:16,001 fail2ban.actions        [16540]: ERROR   Failed to start jail 'wordpress' action 'firewallcmd-ipset': Error starting action
I don't know for sure but I toght that this error had something to do with the FirewallD, so I followed this tutorial: https://www.rosehosting.com/blog/set-up ... -centos-7/

Now when I restart the fail2ban I get no errors:

Code: Select all

2018-10-08 12:23:39,766 fail2ban.jail           [13842]: INFO    Jail 'wordpress-hard' started
2018-10-08 12:23:39,775 fail2ban.jail           [13842]: INFO    Jail 'wordpress-soft' started
But those filters aren't working, and the log files are empty.

Here is my config file:

Code: Select all


[wordpress-hard]
enabled = true
filter = wordpress-hard
logpath = /var/log/vesta/auth.log
maxretry = 2
port = http,https

[wordpress-soft]
enabled = true
filter = wordpress-soft
logpath = /var/log/vesta/auth.log
maxretry = 5
port = http,https

I don't know if I'm using the right path, but when I log in the VestaCP Panel I can see the entry in the log, but when I try to simulate a failed login in the Wordpress nothing is added in the log, and no IP is blocked.

Need some help.

Thanks

Re: Fail2ban + WP Fail2Ban Redux

Posted: Sun Dec 16, 2018 1:32 am
by misterpat
jail.local

Code: Select all

[wordpress-hard]
enabled = true
filter = wordpress-hard
action  = iptables-allports
logpath = /var/log/messages
maxretry = 1
port = http,https
logencoding = utf-8