Fail2ban 拦截暴力入侵 WordPress

Sam Tang

9 years ago

WordPress 是目前最受欢迎的 CMS, 而针对 WordPress 的攻击也很多, 本文会讲述使用 Fail2ban 拦截对 WordPress 的暴力入侵。

如果未安装 Fail2ban, 先安装 Fail2ban, 可以参考本站另一篇文章:

安装好 Fail2ban 后, 在 Fail2ban 的 filter 目录建立 wordpress 的 filter, 以下会以 /etc/fail2ban/filter.d/wordpress.conf 作为例子:

# vi /etc/fail2ban/filter.d/wordpress.conf

加入以下内容:

# WordPress brute force auth filter: /etc/fail2ban/filter.d/wordpress.conf:
#
# Block IPs trying to auth wp wordpress
#
#
[Definition]
failregex = ^<HOST> .* "POST .*wp-login.php
ignoreregex =

# WordPress brute force auth filter: /etc/fail2ban/filter.d/wordpress.conf:

# Block IPs trying to auth wp wordpress

[Definition]

failregex = ^<HOST> .* "POST .*wp-login.php

ignoreregex =

然后开启 Fail2ban 的设定档 /etc/fail2ban/jail.conf, 加入以下内容:

[wordpress]
enabled  = true
port     = http,https
action   = iptables-multiport[name=wordpress, port="http,https", protocol=tcp]
filter   = wordpress
logpath  = /var/log/httpd/access.log
findtime = 1800
bandtime = 1800
maxretry = 10

[wordpress]

enabled = true

port = http,https

action = iptables-multiport[name=wordpress, port="http,https", protocol=tcp]

filter = wordpress

logpath = /var/log/httpd/access.log

findtime = 1800

bandtime = 1800

maxretry = 10

上面的设定需要根据主机的环境设定:

logpath: 这是 Apache 纪录档的位置.
bantime: 封锁 IP 的时间, 单位是秒, 上面例子是封锁 IP 半小时.
maxretry: 最多登入次数, 上面设定了在半小时内有 10 次登入便会被封锁.

修改好 jail.conf 后, 重新启动 Fail2ban 便会生效:

# systemctl restart fail2ban

你可能感兴趣的内容