Protecting WordPress with Fail2ban
The method described here is not only valid for protecting WordPress with Fail2ban; it applies to the vast majority of CMSs and to applications you write yourself.
For example:
- WordPress
- Joomla
- Drupal
- Prestashop
- Magento
- Custom applications
- etc.
This setup is intended as protection against web exploits: it watches the web server's access log for requests to the paths that vulnerability scanners and exploit kits probe for, and bans the source address after a few hits.
What we will do is create a new filter definition in «filter.d» and then the matching «jail».
Let's see how to protect WordPress, Joomla, Drupal, Prestashop, etc.
Protecting WordPress with Fail2ban (and other CMSs)
Create the file «webexploits.conf» in the «filter.d» directory.
nano /etc/fail2ban/filter.d/webexploits.conf
Copy and paste the following (every pattern goes on its own line, indented under failregex so Fail2ban reads them as one multi-line value):
# Fail2Ban Web Exploits Filter
[Definition]
failregex = ^<HOST> -.*(GET|POST|HEAD).*(/.git/config)
            ^<HOST> -.*(GET|POST|HEAD).*(/:8880/)
            ^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv1/_static/image/favicon.ico)
            ^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv1/_static/ts2/layout.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv2/_static/ts2/layout.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/Admin/Common/HelpLinks.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin-console)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/inc/xml.xslt)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/administrator/components/com_xcloner-backupandrestore/index2.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/administrator/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/administrator/manifests/files/joomla.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/mysql2/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/mysql/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/phpmyadmin2/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/phpmyadmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/phpMyAdmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/pma/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/PMA/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/ButtonImage/standard/componentmenu.gif)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/Dialog/dialog.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/ewebeditor.asp)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/SystemLabel/SiteConfig.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/login_site.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/manage_site.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/save_template.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/ThirdPartyTags/SiteFactory.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/app/home/skins/default/style.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/app/js/source/wcmlib/WCMConstants.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/apple-app-site-association)
            ^<HOST> -.*(GET|POST|HEAD).*(/app/Tpl/fanwe_1/js/)
            ^<HOST> -.*(GET|POST|HEAD).*(/_asterisk/)
            ^<HOST> -.*(GET|POST|HEAD).*(/bencandy.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/blog/administrator/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/cgi-bin/php)
            ^<HOST> -.*(GET|POST|HEAD).*(/cgi-bin/php5)
            ^<HOST> -.*(GET|POST|HEAD).*(/cgi/common.cgi)
            ^<HOST> -.*(GET|POST|HEAD).*(/CGI/Execute)
            ^<HOST> -.*(GET|POST|HEAD).*(/check.proxyradar.com/azenv.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckeditor/ckfinder/ckfinder.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckeditor/ckfinder/install.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckfinder/ckfinder.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckfinder/install.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckupload.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/claroline/phpMyAdmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/clases.gone.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/cms/administrator)
            ^<HOST> -.*(GET|POST|HEAD).*(/command.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_adsmanager/js/fullnoconflict.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_b2jcontact/css/b2jcontact.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_b2jcontact/router.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_foxcontact/js/jtext.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_sexycontactform/assets/js/index.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/auth/reg_newuser.jsp)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/include/not_login.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/js/CTRSRequestParam.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/js/CWCMDialogHead.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/currentsetting.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/Help/default.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/ImageEditor/listfiles.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/Images/log.gif)
            ^<HOST> -.*(GET|POST|HEAD).*(/data/admin/ver.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/datacenter/downloadApp/showDownload.do)
            ^<HOST> -.*(GET|POST|HEAD).*(/db/)
            ^<HOST> -.*(GET|POST|HEAD).*(/dbadmin/)
            ^<HOST> -.*(GET|POST|HEAD).*(/dbadmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/db/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/deptWebsiteAction.do)
            ^<HOST> -.*(GET|POST|HEAD).*(/eams/static/scripts/grade/course/input.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/editor/js/fckeditorcode_ie.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/examples/file-manager.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/examples/index.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/fckeditor/editor/dtd/fck_dtd_test.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/fckeditor/editor/js/fckeditorcode_ie.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/FCK/editor/js/fckeditorcode_ie.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/fckeditor/license.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/getcfg.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/get_password.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/.git/info/)
            ^<HOST> -.*(GET|POST|HEAD).*(/Hello.World)
            ^<HOST> -.*(GET|POST|HEAD).*(/hndUnblock.cgi)
            ^<HOST> -.*(GET|POST|HEAD).*(/images/login9/login_33.jpg)
            ^<HOST> -.*(GET|POST|HEAD).*(/include/dialog/config.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/include/install_ocx.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/includes/css/styles-2014-06-25.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/includes/facebox/facebox.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/index.action)
            ^<HOST> -.*(GET|POST|HEAD).*(/ip_js.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/issmall/)
            ^<HOST> -.*(GET|POST|HEAD).*(/jenkins/script)
            ^<HOST> -.*(GET|POST|HEAD).*(/jm-ajax/upload_file/)
            ^<HOST> -.*(GET|POST|HEAD).*(/jmx-console)
            ^<HOST> -.*(GET|POST|HEAD).*(/Joomla/administrator)
            ^<HOST> -.*(GET|POST|HEAD).*(/joomla/administrator/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/js/tools.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/libraries/sfn.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/license.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/License.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(login.destroy.session)
            ^<HOST> -.*(GET|POST|HEAD).*(/login/Jeecms.do)
            ^<HOST> -.*(GET|POST|HEAD).*(/logo_img.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/maintlogin.jsp)
            ^<HOST> -.*(GET|POST|HEAD).*(/manager/html)
            ^<HOST> -.*(GET|POST|HEAD).*(/manager/status)
            ^<HOST> -.*(GET|POST|HEAD).*(/master/login.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/media/com_hikashop/js/hikashop.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/misc/drupal.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/attributewizardpro/config.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/columnadverts/config.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/fieldvmegamenu/config.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/homepageadvertise2/config.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/homepageadvertise/config.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/index.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/mod_simplefileuploadv1.3/elements/udd.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/pk_flexmenu/config.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/pk_vertflexmenu/config.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/wdoptionpanel/config.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/msd)
            ^<HOST> -.*(GET|POST|HEAD).*(/msd1.24.4)
            ^<HOST> -.*(GET|POST|HEAD).*(/msd1.24stable)
            ^<HOST> -.*(GET|POST|HEAD).*(mstshash=NCRACK_USER)
            ^<HOST> -.*(GET|POST|HEAD).*(/muieblackcat)
            ^<HOST> -.*(GET|POST|HEAD).*(/myadmin2/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/myadmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/myadmin/scripts/setup.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/MyAdmin/scripts/setup.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysql-admin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysqladmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysqldumper)
            ^<HOST> -.*(GET|POST|HEAD).*(/mySqlDumper)
            ^<HOST> -.*(GET|POST|HEAD).*(/MySQLDumper)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysql/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpadmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpma/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin/)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin0/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin1/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin2/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyadmin_bak/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin-old/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin/phpmyadmin/index.ph)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/phpMyAdmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin/scripts/setup.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/scripts/setup.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/plugins/anchor/anchor.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/plugins/filemanager/filemanager/js)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/download.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/heightsearch.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/rssmap.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/sitemap.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma/)
            ^<HOST> -.*(GET|POST|HEAD).*(/PMA/)
            ^<HOST> -.*(GET|POST|HEAD).*(/PMA2/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/PMA/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pmamy2/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pmamy/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma-old/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma/scripts/setup.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pmd/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/privacy.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/resources/style/images/login/btn.png)
            ^<HOST> -.*(GET|POST|HEAD).*(/Scripts/jquery/maticsoft.jquery.min.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/script/valid_formdata.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/siteserver/login.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/siteserver/upgrade/default.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(soap:Envelope)
            ^<HOST> -.*(GET|POST|HEAD).*(/stalker_portal/server/adm/tv-channels/iptv-list-json)
            ^<HOST> -.*(GET|POST|HEAD).*(/stalker_portal/server/adm/users/users-list-json)
            ^<HOST> -.*(GET|POST|HEAD).*(/stssys.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/sys.cache.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/system/assets/jquery/jquery-2.x.min.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/template/1/bluewise/_files/jspxcms.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/templates/jsn_glass_pro/ext/hikashop/jsn_ext_hikashop.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/test_404_page/)
            ^<HOST> -.*(GET|POST|HEAD).*(/test_for_404/)
            ^<HOST> -.*(GET|POST|HEAD).*(:Test Wuz Here)
            ^<HOST> -.*(GET|POST|HEAD).*(/tmUnblock.cgi)
            ^<HOST> -.*(GET|POST|HEAD).*(/tools/phpMyAdmin/index.ph)
            ^<HOST> -.*(GET|POST|HEAD).*(/typo3/phpmyadmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/uc_server/control/admin/db.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/update.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/upload/bank-icons/)
            ^<HOST> -.*(GET|POST|HEAD).*(/UserCenter/css/admin/bgimg/admin_all_bg.png)
            ^<HOST> -.*(GET|POST|HEAD).*(/.user.ini)
            ^<HOST> -.*(GET|POST|HEAD).*(/user/register\?element_parents=account)
            ^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/antimatter.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/modernizr.custom.71422.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/slidebars.min.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/w00tw00t.at.blackhats.romanian.anti-sec)
            ^<HOST> -.*(GET|POST|HEAD).*(/w00tw00t.at.ISC.SANS.DFind)
            ^<HOST> -.*(GET|POST|HEAD).*(/webbuilder/script/locale/wb-lang-zh_CN.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/web-console)
            ^<HOST> -.*(GET|POST|HEAD).*(/webdav)
            ^<HOST> -.*(GET|POST|HEAD).*(/web/phpMyAdmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/.well-known/apple-app-site-association)
            ^<HOST> -.*(GET|POST|HEAD).*(/.well-known/assetlinks.json)
            ^<HOST> -.*(GET|POST|HEAD).*(/.well-known/security.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/whir_system/login.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/whir_system/module/security/login.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/wls-wsat/CoordinatorPortType)
            ^<HOST> -.*(GET|POST|HEAD).*(/wpbase/url.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/accesspress-anonymous-post-pro/js/admin-extra.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/advanced-ajax-page-loader/reload_code.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/another-wordpress-classifieds-plugin/AWPCP.po)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/apikey/apikey.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/apikey/debug-wp.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/boxit/upload.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/cacheformwp.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/cardoza-facebook-like-box/admin_cardozafacebook.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/category-grid-view-gallery/cat_grid.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/cherry-plugin/admin/css/cherry-admin-plugin.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/cherry-plugin/admin/js/cherry-admin-plugin.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/cimy-user-extra-fields/README_OFFICIAL.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/contact-form-7/license.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/custom-content-type-manager/index.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/delete-all-comments/backup/bp.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/delete-all-comments/delete-all-comments.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/dzs-videogallery/admin/admin_global.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/dzs-zoomsounds/admin/upload.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/font-uploader/fontFunctions/fu_script.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/font-uploader/font-uploader-free.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/formidable/css/frm_fonts.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/front-end-upload/destination.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/front-file-manager/readme.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/gallery-plugin/css/stylesheet.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/gallery-plugin/gallery-plugin.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/gallery-slider/register.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/gravityforms/css/preview.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/jetpack/class.jetpack-ixr-client.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/jssor-slider/assets/css/system-message.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/mac-dock-gallery/bugslist.tx)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/mac-dock-gallery/bugslist.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/magic-fields/MF_Constant.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/mailpress/mp-includes/action.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/mailpress/mp-includes/js/mp_thickbox.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/nextgen-gallery/changelog.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/ninja-forms/ninja_forms.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/nmedia-user-file-uploader/readme.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/php-event-calendar/js/file-uploader/app.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/real3d-flipbook/js/share.min.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/resume-submissions-job-postings/installer.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/showbiz/css/post_settings.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/simple-dropbox-upload-form/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/css/jquery.lightbox.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/user-avatar/readme.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/user-meta/readme.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/userpro/css/userpro-editor.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/website-contact-form-with-file-upload/js/nm-global.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/woocommerce-catalog-enquiry/assets/frontend/css/frontend.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/woocommerce-catalog-enquiry/assets/frontend/js/chosen.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/woocommerce-product-addon/js/nm-global.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-copysafe-pdf/lib/uploadify/uploadify.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-e-commerce/license.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-editor/readme.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-filemanager/fm.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-handy-lightbox/begin.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-homepage-slideshow/functions.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-image-news-slider/functions.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-mailinglist/vendors/uploadify/upload.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wpmarketplace/readme.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-property/action_hooks.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-ps.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wpstorecart/lgpl.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-support-plus-responsive-ticket-system/asset/js/admin.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-symposium/readme.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wysija-newsletters/readme.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/themes/deep-blue/megaframe/megapanel/inc/functions.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/themes/directorypress/thumbs/67-43-2013-05-14517625.pdf)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/themes/kahuna/resources/images/headers/lunch.jpg)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/themes/twentyeleven/404.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/themes/u-design/style.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-includes/wlwmanifest.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-login.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/www/phpMyAdmin/index.php)
            ^<HOST> -.*(GET|POST|HEAD).*(\x00Cookie:)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22cache_name_function)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22JDatabaseDriverMysqli)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22JSimplepieFactory)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22sanitize)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22SimplePie)
            ^<HOST> -.*(GET|POST|HEAD).*(\x5C0disconnectHandlers)
            ^<HOST> -.*(GET|POST|HEAD).*(/xampp/phpmyadmin/index.php)
ignoreregex =
The «webexploits.conf» proposed here is fairly comprehensive (it covers the most widely used CMSs), but you can delete or add whichever paths you want protected. Two things to review before you enable it. First, several entries are paths that exist legitimately on a site running that CMS: «/wp-login.php» on WordPress, «/administrator/index.php» on Joomla, «/update.php» and «/misc/drupal.js» on Drupal, and so on. The filter only looks at the access log and does not distinguish a 404 from a 200, so with maxretry = 3 three requests to such a path by your own administrator (or by any visitor, for a file ordinary pages load) are enough to get that address banned. Remove every entry that matches a path your site actually serves. Second, the entries are regular expressions, not literal strings: an unescaped «.» matches any character, which only widens the match, but an unescaped «?» makes the preceding character optional, so a literal question mark in a URL has to be written as «\?» or the entry will never match the request it is meant to catch. Run the filter over a real access log with fail2ban-regex before the jail goes live.
Save the file and close the editor.
Now we create the «jail», which means editing «jail.local» (make sure you insert the right jail depending on whether you use Apache or nginx). The «%(apache_access_log)s» and «%(nginx_access_log)s» variables are defined in Fail2ban's paths-common.conf and expand to the access logs of the respective server; bantime and findtime are not set here, so the values from the [DEFAULT] section apply.
Edit the file:
nano /etc/fail2ban/jail.local
If you use Apache, copy and paste the following:
[webexploits]
enabled  = true
port     = http,https
filter   = webexploits
logpath  = %(apache_access_log)s
maxretry = 3
If it is nginx, copy and paste the following:
[webexploits]
enabled  = true
port     = http,https
filter   = webexploits
logpath  = %(nginx_access_log)s
maxretry = 3
Save the file and close the editor.
That's it... all that is left is to restart Fail2ban.
sudo service fail2ban stop && sudo service fail2ban start
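To see what the filter and jail above actually do before putting them in front of a live site, here is an added example (not code from the original post, and not Fail2ban's own implementation) that replays the jail logic in Python over a few constructed Apache access-log lines: it expands <HOST>, counts matching lines per address inside a findtime window and bans after maxretry = 3, the value used in the jail above. The host expansion and the timestamp handling are simplified stand-ins for Fail2ban's own, and the addresses and log lines are made up for the demonstration. It shows two things worth knowing: a scanner probing phpMyAdmin paths is banned as intended, but with a handful of the entries as written a legitimate user logging in through /wp-login.php is banned just the same, and the unescaped «?» in the /user/register?element_parents=account entry makes it miss the very request it targets.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# A subset of the failregex entries from webexploits.conf above, copied as written.
# <HOST> is fail2ban's placeholder for the client address.
FILTER_AS_WRITTEN = [
    r"^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin/index.php)",
    r"^<HOST> -.*(GET|POST|HEAD).*(/pma/scripts/setup.php)",
    r"^<HOST> -.*(GET|POST|HEAD).*(/.git/config)",
    r"^<HOST> -.*(GET|POST|HEAD).*(/wp-login.php)",
    r"^<HOST> -.*(GET|POST|HEAD).*(/user/register?element_parents=account)",
]

# The same subset after review: the wp-login.php entry is dropped because a
# WordPress site serves that path to its own users, dots are escaped so they
# match a literal '.', and the '?' is escaped so it matches a literal question
# mark instead of making the preceding 'r' optional.
FILTER_REVIEWED = [
    r"^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin/index\.php)",
    r"^<HOST> -.*(GET|POST|HEAD).*(/pma/scripts/setup\.php)",
    r"^<HOST> -.*(GET|POST|HEAD).*(/\.git/config)",
    r"^<HOST> -.*(GET|POST|HEAD).*(/user/register\?element_parents=account)",
]

# Simplified stand-in for fail2ban's <HOST> expansion (assumption: plain IPv4/IPv6).
HOST_RE = r"(?P<host>[0-9A-Fa-f:.]+)"
# Combined-log timestamp as Apache and nginx write it, e.g. [10/Oct/2020:13:55:36 +0000]
TS_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")

# Constructed sample access log (RFC 5737 documentation addresses, not real traffic):
# 203.0.113.7 is a scanner, 198.51.100.4 is a legitimate WordPress admin logging in,
# 192.0.2.9 sends a Drupal /user/register probe.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2020:13:55:36 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2020:13:55:37 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2020:13:55:38 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2020:13:56:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2020:13:56:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2020:13:56:06 +0000] "GET /wp-login.php?action=logout HTTP/1.1" 200 2311 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2020:14:10:00 +0000] "POST /user/register?element_parents=account/mail/%23value&ajax_form=1 HTTP/1.1" 200 57 "-" "python-requests/2.22"',
]


def compile_filter(patterns):
    """Expand <HOST> and compile every failregex line, as fail2ban does."""
    return [re.compile(p.replace("<HOST>", HOST_RE)) for p in patterns]


def line_time(line):
    """Parse the bracketed timestamp of a combined-log line (offset ignored)."""
    return datetime.strptime(TS_RE.search(line).group(1), "%d/%b/%Y:%H:%M:%S")


def scan(lines, patterns, maxretry=3, findtime=600):
    """Replay the jail: one hit per matching line, counted per host inside a
    sliding findtime window; a host reaching maxretry hits in the window is banned.
    Returns (set of banned hosts, dict host -> total matching lines)."""
    compiled = compile_filter(patterns)
    window = defaultdict(list)
    total = defaultdict(int)
    banned = set()
    for line in lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                host, ts = m.group("host"), line_time(line)
                total[host] += 1
                # keep only hits that are still inside the findtime window
                window[host] = [t for t in window[host] if ts - t <= timedelta(seconds=findtime)]
                window[host].append(ts)
                if len(window[host]) >= maxretry:
                    banned.add(host)
                break  # first matching failregex wins; a line counts once
    return banned, dict(total)


def line_matches(pattern, line):
    """True if one failregex entry matches one log line."""
    return re.search(pattern.replace("<HOST>", HOST_RE), line) is not None


if __name__ == "__main__":
    for name, flt in (("as written", FILTER_AS_WRITTEN), ("reviewed", FILTER_REVIEWED)):
        banned, hits = scan(SAMPLE_LOG, flt)
        print(f"{name:10s} hits={hits} banned={sorted(banned)}")
```

With the entries as written, both the scanner and the administrator are banned and the Drupal probe goes unnoticed; with the reviewed entries only the scanner is banned and the probe counts as a hit. On the server itself the equivalent check is «fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/webexploits.conf», which reports how many log lines each failregex matched, and once the jail is running «fail2ban-client status webexploits» lists the addresses currently banned.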
I hope you find this article useful; share it.
Fail2ban is an excellent tool in itself, a first line of defence for any service.
At first it takes some getting used to, seeing how many attacks servers are subjected to and how many alerts Fail2ban sends you, but with time you mitigate them. Still, do not let your guard down.