Hello!

I installed fail2ban V0.9.7 on CentOS 7, on which I run a WordPress website. The server is behind a proxy. To block WordPress brute-force attacks, I used the filter:

    [Definition]
    failregex = ^<HOST> .* "POST /wp-login.php
                ^<HOST> .* "GET /wp-signup.php
    ignoreregex =

In my jail.local:

    [wp-auth]
    enabled = true
    filter = wordpress-auth
    logpath = /home/logs/sitelogs/*access.log
    bantime = 1200
    maxretry = 8
    findtime = 600
    port = 80,81

This does work correctly. I can see IPs blocked for 20 min.

For recidive attacks, I enabled the recidive filter. I kept the default parameters. I can see in iptables that IPs are added in the recidive section, but even if they are there, wordpress-auth continues to block them too. Is that normal or did I miss something somewhere? I would expect an IP to be blocked when it is in the recidive section, and so I should not get any log for those IPs in the WordPress log files.

Below is the top of the iptables command output:

    Chain INPUT (policy ACCEPT)
    target                prot opt source    destination
    f2b-wp-auth           tcp  --  anywhere  anywhere     multiport dports http,81
    f2b-apache            tcp  --  anywhere  anywhere     multiport dports http,81
    f2b-recidive          tcp  --  anywhere  anywhere
    f2b-apache-overflows  tcp  --  anywhere  anywhere     multiport dports http,81
    f2b-apache-noscript   tcp  --  anywhere  anywhere     multiport dports http,81
    f2b-apache-badbots    tcp  --  anywhere  anywhere     multiport dports http,81
    f2b-sshd              tcp  --  anywhere  anywhere     multiport dports ssh

Any help / explanation would be appreciated ☺

Thx!
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
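
Added example, not part of the original post and not fail2ban's own code: a simplified Python replay of the wp-auth jail settings above (maxretry = 8, findtime = 600, bantime = 1200) over constructed access-log lines. It lists matching requests that still reach the access log while a ban should be active, which is the symptom described in the post. The `<HOST>` substitution and the names `replay` and `sample_log` are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Jail values taken from the post's jail.local
MAXRETRY, FINDTIME, BANTIME = 8, 600, 1200

# The post's two failregex lines; <HOST> is replaced by a simplified IPv4
# pattern (assumption: fail2ban's real <HOST> expansion is broader).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r'^<HOST> .* "POST /wp-login.php',
    r'^<HOST> .* "GET /wp-signup.php',
)]
STAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) ")

def sample_log():
    """Constructed access-log lines using documentation-range IPs."""
    fmt = '{} - - [12/Mar/2018:10:{:02d}:{:02d} +0000] "{}" 200 512'
    a = [fmt.format("203.0.113.7", i // 6, i % 6 * 10, "POST /wp-login.php HTTP/1.1") for i in range(10)]
    b = [fmt.format("198.51.100.9", 5 * i, 0, "POST /wp-login.php HTTP/1.1") for i in range(3)]
    return a + b + [fmt.format("198.51.100.9", 20, 0, "GET / HTTP/1.1")]

def replay(lines):
    """Return (bans, leaks): ban start times per host, and matching requests
    logged while that host's ban should still have been active."""
    recent = defaultdict(deque)        # host -> failure times inside findtime
    banned_until = {}                  # host -> time the modelled ban expires
    bans, leaks = defaultdict(list), defaultdict(list)
    for line in lines:
        m = next(filter(None, (r.search(line) for r in FAILREGEX)), None)
        t = STAMP.search(line)
        if not m or not t:
            continue                   # not a login/signup hit, or no timestamp
        host = m.group("host")
        when = datetime.strptime(t.group(1), "%d/%b/%Y:%H:%M:%S")
        if host in banned_until and when < banned_until[host]:
            leaks[host].append(when)   # request still reached the web server
            continue
        q = recent[host]
        q.append(when)
        while (when - q[0]).total_seconds() > FINDTIME:
            q.popleft()                # drop failures older than findtime
        if len(q) >= MAXRETRY:
            bans[host].append(when)
            banned_until[host] = when + timedelta(seconds=BANTIME)
            q.clear()
    return dict(bans), dict(leaks)
```

Calling `replay(sample_log())` returns one ban for 203.0.113.7 and two requests logged from that address during the ban; on a real access log, a non-empty `leaks` result shows which banned hosts are still reaching the web server.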
