Fail2Ban filter for Ninjafirewall WP+ Edition syslog events
Note: This will only work if you have full access to your web server's
How to use:
- Purchase, install and configure Ninjafirewall (WP+ Edition) to your WordPress web site.
- Enable Firewall Logging in the
Ninjafirewall+ | Firewall Logmenu.
Write events to the Syslog server toooption.
- Copy /filter.d/ninjafirewall-syslog.conf from this repository to
- Add a
[ninjafirewall-syslog]section to the Jails section of your
[ninjafirewall-syslog] port = http,https filter = ninjafirewall-syslog logpath = %(syslog_ftp)s backend = %(syslog_backend)s maxretry = 2 enabled = true
- Restart Fail2Ban:
sudo service fail2ban restart
- Keep the
maxretryoverride value low; 2 is good, 1 is too low. Attacks are often distributed, with each IP address only being used once. This will create a lot of unnecessary IP bans. Heavier attacks, or smaller bot-nets, will reuse IP addresses, so a setting of 2 will block them.
- If using CloudFlare on the web site, please see the fail2ban-action-cloudflare-restv4 repository for an updated CloudFlare action configuration file.