一次密码错误就屏蔽 IP,不过如果攻击者每试一次都换一个 IP,那就不知道怎么办了。
新建一个 WordPress 规则:
# WordPress brute force auth filter: /etc/fail2ban/filter.d/wp-auth.conf: # # Block IPs trying to auth wp wordpress # # Matches e.g. # 12.34.33.22 - [07/Jun/2014:11:15:29] "POST /wp/wp-login.php HTTP/1.0" 200 4523 # [Definition] failregex = ^<HOST> .* "POST /wp-login.php ignoreregex =
然后加入执行限制:
[wp-auth] enabled = true filter = wordpress port = http,https,333 action = iptables-multiport[name=NoAuthFailures, port="http,https"] logpath = /home/wwwlogs/*.log bantime = 60 maxretry = 1
为了避免把自己坑了,60 秒就够了。