Block at the first sign of trouble: using Fail2ban to stop WordPress brute forcing

The IP is banned after a single wrong password. If the attacker switches to a fresh IP for every attempt, though, this approach has no answer.

Create a new WordPress filter:

# WordPress brute force auth filter: /etc/fail2ban/filter.d/wp-auth.conf:
#
# Block IPs that POST to the WordPress login page (each POST is a login attempt)
#
# Matches e.g.
# 12.34.33.22 - [07/Jun/2014:11:15:29] "POST /wp/wp-login.php HTTP/1.0" 200 4523
#
# The path prefix is allowed to vary (the example above has WordPress under /wp/)
# and the dot in the file name is escaped so it only matches a literal "."
[Definition]
failregex = ^<HOST> .* "POST .*/wp-login\.php
ignoreregex =

Then add the jail that enforces it (in jail.local); the filter name must match the filter file name, wp-auth:

[wp-auth]
enabled = true
filter = wp-auth
port = http,https,333
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /home/wwwlogs/*.log
bantime = 60
maxretry = 1

To avoid locking yourself out, 60 seconds is enough.
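Before enabling a jail it is worth checking what the failregex actually matches and what maxretry = 1 does against a rotating-IP attacker. The script below is an added example and not part of the original post or of Fail2ban itself: it expands the <HOST> tag with a simplified IPv4-only pattern (an assumption; Fail2ban's real expansion also covers hostnames and IPv6), runs the filter over a few constructed access-log lines, and replays the matches through a hypothetical simulate_jail() that applies the jail's maxretry, findtime and bantime thresholds.

```python
import re
from datetime import datetime, timedelta

# Fail2ban replaces <HOST> with its own host-matching group; this IPv4-only
# version is an assumption made so the example runs stand-alone.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The failregex from the filter above: any path ending in wp-login.php.
FAILREGEX = r'^<HOST> .* "POST .*/wp-login\.php'
# The narrower form that only matches wp-login.php at the site root.
ROOT_ONLY_REGEX = r'^<HOST> .* "POST /wp-login\.php'

# Constructed sample log lines (not real traffic): one site under /wp/,
# three attempts from three different source IPs, and a harmless GET.
SAMPLE_LOG = """\
12.34.33.22 - [07/Jun/2014:11:15:29] "POST /wp/wp-login.php HTTP/1.0" 200 4523
12.34.33.22 - [07/Jun/2014:11:15:31] "GET /wp/ HTTP/1.0" 200 9281
203.0.113.7 - [07/Jun/2014:11:15:40] "POST /wp-login.php HTTP/1.1" 200 4523
203.0.113.8 - [07/Jun/2014:11:15:41] "POST /wp-login.php HTTP/1.1" 200 4523
203.0.113.9 - [07/Jun/2014:11:15:42] "POST /wp-login.php HTTP/1.1" 200 4523
198.51.100.5 - [07/Jun/2014:11:17:00] "GET /wp-login.php HTTP/1.1" 200 4523
"""

TIME_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2})\]")
TIME_FMT = "%d/%b/%Y:%H:%M:%S"


def compile_failregex(pattern: str) -> re.Pattern:
    """Expand the <HOST> tag and compile the pattern."""
    return re.compile(pattern.replace("<HOST>", HOST))


def matching_hosts(log_text: str, pattern: str = FAILREGEX):
    """Return (host, timestamp) for every log line the failregex matches."""
    rx = compile_failregex(pattern)
    hits = []
    for line in log_text.splitlines():
        m = rx.search(line)
        if not m:
            continue
        t = TIME_RE.search(line)
        ts = datetime.strptime(t.group(1), TIME_FMT) if t else None
        hits.append((m.group("host"), ts))
    return hits


def simulate_jail(hits, maxretry=1, findtime=600, bantime=60):
    """Hypothetical replay of a jail: count failures per host inside findtime
    and record a ban once a host reaches maxretry. Returns {host: ban_start}."""
    recent = {}
    bans = {}
    for host, ts in hits:
        # Drop failures older than findtime, then add the current one.
        window = [t for t in recent.get(host, []) if ts - t <= timedelta(seconds=findtime)]
        window.append(ts)
        recent[host] = window
        if host in bans and ts - bans[host] < timedelta(seconds=bantime):
            continue  # already banned; iptables would have dropped this packet
        if len(window) >= maxretry:
            bans[host] = ts
    return bans


if __name__ == "__main__":
    hits = matching_hosts(SAMPLE_LOG)
    print("matched:", [h for h, _ in hits])
    print("root-only regex misses:", len(hits) - len(matching_hosts(SAMPLE_LOG, ROOT_ONLY_REGEX)))
    print("banned with maxretry=1:", sorted(simulate_jail(hits)))
```

Two things fall out of the replay. The root-only regex misses the /wp/ sample line that the filter's own comment says it should match, which is why the path prefix is left open. And with maxretry = 1 every attacker IP is banned, but each of the three rotating addresses still got its one login attempt through before the ban, which is the limitation the post notes above. On a real host, run `fail2ban-regex /home/wwwlogs/access.log /etc/fail2ban/filter.d/wp-auth.conf` to test the filter against the actual log before enabling the jail.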
