一言不合就屏蔽，Fail2ban 防止 WordPress 穷举

August 30, 2016 flymemory

一次密码错误就屏蔽 IP，不过如果攻击者每试一次都换一个 IP，那就不知道怎么办了。

新建一个 WordPress 规则：

# WordPress brute force auth filter: /etc/fail2ban/filter.d/wp-auth.conf:

# Block IPs trying to auth wp wordpress

# Matches e.g.

# 12.34.33.22 - [07/Jun/2014:11:15:29] "POST /wp/wp-login.php HTTP/1.0" 200 4523

[Definition]

failregex = ^<HOST> .* "POST /wp-login.php

ignoreregex =

然后加入执行限制：

[wp-auth]

enabled = true

filter = wordpress

port = http,https,333

action = iptables-multiport[name=NoAuthFailures, port="http,https"]

logpath = /home/wwwlogs/*.log

bantime = 60

maxretry = 1

为了避免把自己坑了，60 秒就够了。

勿忘初心