• Resolved masatit

    (@masatit)


    Hi all,

    So after being hacked on a number of occasions I decided to take some measures to protect myself and block the hackers trying to take down my community site. After a little playing I created the following fail2ban filter and jail config. The jail looks for all critical firewall log entries and bans the IP attempting the action after the first attempt at a critical hack.

    Pre reqs: Installed and functional fail2ban, installed WordPress, Ninja Firewall plugin installed and functional

    It's also worth you knowing the location of the wp-content/nfwlog directory

    Create a file /fail2ban_install_dir/filter.d/wp-nfw.conf

    Paste the following into the file

    [INCLUDES]
    before = common.conf

    [Definition]
    _daemon = wp-ninjafw

    failregex = \[yourwebsite.com]\ \[.*]\ \[.*]\ \[3]\ \[<HOST>]\.*
    ignoreregex =

    Next step: check the config works by running “fail2ban-regex /website_location_dir/wp-content/nfwlog/firewall_year-month.php /fail2ban_install_dir/filter.d/wp-nfw.conf”

    It should return a number of matches. If you have 0 matches something is wrong. Figure it out. If it fails you have not configured the filter or log path correctly.

    OK, assuming all is good we now need to create the jail. Out of the box jail.local is not enabled. If you haven’t changed this then you must enter the following into jail.conf. If you have configured jail.local add the following to jail.local

    [wp-ninja]
    enabled = true
    # filter must match the name of the file created above (filter.d/wp-nfw.conf)
    filter = wp-nfw
    action = iptables-multiport[name=wp-nfw, port="http,https"]
    # This should be changed to your web directory and the correct year.
    logpath = /var/www/*/web/wp-content/nfwlog/firewall_2016-*.php
    findtime = 31536000
    bantime = 31536000
    maxretry = 1

    Now do systemctl restart fail2ban

    It should be successful. Run fail2ban-client status wp-nfw to see how many it has banned and the logs it is checking.

    Hope this helps people keep hackers out of their sites for good. Thanks to Ninja and fail2ban for providing awesome tools! Keep up the good work.

    https://wordpress.org/plugins/ninjafirewall/
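
An offline check of the filter in the post above, added here as an example and not part of the original post: it runs the posted failregex over constructed log lines to show which entries a `maxretry = 1` jail would ban, next to a tightened variant. Assumptions: the `HOST` pattern is a simplified stand-in for fail2ban's `<HOST>` tag, the log field order is inferred from the posted regex, and `TIGHT` is a suggested variant, not the author's.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4/IPv6 literals only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]+)"

# The failregex from the post, unchanged; <HOST> is expanded at compile time below.
POSTED = r"\[yourwebsite.com]\ \[.*]\ \[.*]\ \[3]\ \[<HOST>]\.*"
# Tightened variant (added here): literal dot, each field bounded by its own brackets.
TIGHT = r"\[yourwebsite\.com\] \[[^\]]*\] \[[^\]]*\] \[3\] \[<HOST>\]"

# Constructed log lines. Field order (timestamp, duration, site, incident id,
# rule id, level, client IP, ...) is assumed from the positions in the posted regex.
SAMPLE_LOG = """\
<?php exit; ?>
[1460000001] [0.00231] [yourwebsite.com] [#1000001] [0] [3] [203.0.113.10] [403] [GET] [/index.php] [constructed critical entry] [x]
[1460000002] [0.00187] [yourwebsite.com] [#1000002] [0] [2] [203.0.113.20] [403] [POST] [/xmlrpc.php] [constructed level-2 entry] [x]
[1460000003] [0.00142] [yourwebsite.com] [#1000003] [0] [1] [198.51.100.5] [200] [GET] [/] [constructed level-1 entry] [x]
[1460000004] [0.00310] [yourwebsite.com] [#1000004] [0] [3] [2001:db8::7] [403] [GET] [/wp-login.php] [constructed critical entry] [x]
[1460000005] [0.00120] [yourwebsiteXcom] [#1000005] [0] [3] [198.51.100.9] [403] [GET] [/] [constructed other-vhost entry] [x]
"""

def banned_hosts(failregex, log_text):
    """Return the hosts a maxretry=1 jail would ban, in log order, without duplicates."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hosts = []
    for line in log_text.splitlines():
        m = rx.search(line)  # unanchored search per line, one hit is enough to ban
        if m and m.group("host") not in hosts:
            hosts.append(m.group("host"))
    return hosts

if __name__ == "__main__":
    print("posted :", banned_hosts(POSTED, SAMPLE_LOG))
    print("tight  :", banned_hosts(TIGHT, SAMPLE_LOG))
```

Only level-3 entries produce a ban with either pattern; the unescaped dot in the posted pattern also accepts the look-alike site name in the last constructed line, which matters when the `logpath` glob covers more than one site.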

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Thanks for sharing your Fail2ban configuration.

    Thread Starter masatit

    (@masatit)

    Quick edit to the above: the status command should be fail2ban-client status wp-ninja.

    I just had to log in and thank you for sharing this configuration. It’s exactly the link I was missing in my security solution — can’t wait to see it in action.

  • The topic ‘fail2ban integration for Ninja Firewall WP Plugin log’ is closed to new replies.