fail2ban integration for Ninja Firewall WP Plugin log
Hi all,
So after being hacked on a number of occasions I decided to take some measures to protect myself and block the hackers trying to take down my community site. After a little playing I created the following fail2ban filter and jail config. The jail looks for all critical firewall log entries and bans the ip attempting the action after the first attempt at a critical hack.
Prerequisites: Installed and functional fail2ban, installed WordPress, Ninja Firewall plugin installed and functional
It's also worth you knowing the location of the wp-content/nfwlog directory
Create a file /fail2ban_install_dir/filter.d/wp-nfw.conf
Paste the following into the file
[INCLUDES]
before = common.conf

[Definition]
_daemon = wp-ninjafw
failregex = \[yourwebsite.com]\ \[.*]\ \[.*]\ \[3]\ \[<HOST>]\.*
ignoreregex =

Next step: check the config works by running "fail2ban-regex /website_location_dir/wp-content/nfwlog/firewall_year-month.php /fail2ban_install_dir/filter.d/wp-nfw.conf"
It should return a number of matches. If you have 0 matches something is wrong. Figure it out. If it fails you have not configured the filter or log path correctly.
OK, assuming all is good we now need to create the jail. Out of the box jail.local is not enabled. If you haven’t changed this then you must enter the following into jail.conf. If you have configured jail.local add the following to jail.local
# The jail name is what "fail2ban-client status" takes as its argument.
[wp-nfw]
enabled = true
# Must match the filter file name: filter.d/wp-nfw.conf
filter = wp-nfw
action = iptables-multiport[name=wp-nfw, port="http,https"]
# This should be changed to your web directory and the correct year.
logpath = /var/www/*/web/wp-content/nfwlog/firewall_2016-*.php
findtime = 31536000
bantime = 31536000
maxretry = 1

Now do systemctl restart fail2ban
It should be successful. Run fail2ban-client status wp-nfw to see how many IPs it has banned and the logs it's checking.
Hope this helps people keep hackers out of their sites for good. Thanks to Ninja and fail2ban for providing awesome tools! Keep up the good work.
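An offline check for the "0 matches" case above, as an added example that is not part of the original post: it applies the same failregex shape to constructed log lines and reports why a line is not hit. The sample lines, the site name example.com, the helper names and the simplified <HOST> pattern (IP literals only) are assumptions.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IP literals only).
HOST = (r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}"
        r"|(?:[0-9A-Fa-f]{0,4}:){2,7}[0-9A-Fa-f]{0,4})")
FIELD = re.compile(r"\[([^\]]*)\]")

def build_failregex(site):
    # Same shape as the failregex in wp-nfw.conf, with the site name escaped.
    return re.compile(r"\[" + re.escape(site)
                      + r"]\ \[.*]\ \[.*]\ \[3]\ \[" + HOST + r"]\.*")

def diagnose(line, site):
    """Return (verdict, ip): whether the filter hits this line, or why not."""
    m = build_failregex(site).search(line)
    if m:
        return "ban", m.group("host")
    fields = FIELD.findall(line)
    if not fields:
        return "not a log entry", None
    if site not in fields:
        return "site name not found", None
    # Layout taken from the failregex: [site] [..] [..] [level] [ip]
    level_at = fields.index(site) + 3
    if level_at >= len(fields):
        return "truncated entry", None
    if fields[level_at] != "3":
        return "level %s, not 3" % fields[level_at], None
    return "ip field not recognised", None

def banned_ips(log_text, site):
    # maxretry = 1 in the jail, so a single hit is enough for a ban.
    verdicts = (diagnose(line, site) for line in log_text.splitlines())
    return sorted({ip for verdict, ip in verdicts if verdict == "ban"})

# Constructed sample log (not real data); documentation IP ranges only.
SAMPLE_LOG = """\
<?php exit; ?>
[1467331200] [0.00121] [example.com] [#1000001] [1] [3] [203.0.113.10] [403] [GET] [/index.php] [GET:id] [hex:414243]
[1467331260] [0.00098] [example.com] [#1000002] [310] [2] [198.51.100.7] [403] [POST] [/wp-login.php] [POST:log] [hex:61]
[1467331320] [0.00102] [www.example.com] [#1000003] [1] [3] [192.0.2.44] [403] [GET] [/index.php] [GET:id] [hex:41]
[1467331380] [0.00110] [example.com] [#1000004] [2] [3] [192.0.2.44] [403] [GET] [/index.php] [GET:p] [hex:42]
"""

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(diagnose(line, "example.com"), line[:50])
    print("would ban:", banned_ips(SAMPLE_LOG, "example.com"))
```

A "site name not found" verdict on every line means the name in the failregex differs from the one the plugin writes to the log, which is the usual cause of 0 matches.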