Proteger WordPress con Fail2ban.
Este método que explicaremos hoy, no solo es valido para proteger WordPress con Fail2ban, también es aplicable a la gran mayoría de CMS o aplicaciones que crees tu mismo.
Por ejemplo:
- WordPress
- Joomla
- Drupal
- Prestashop
- Magento
- Aplicaciones propias
- etc…
Este sistema esta indicado para protección contra Web Exploits.
Lo que haremos es crear un nuevo archivo de configuración en «filter.d«, y después el «jail» que corresponda.
Vemos como proteger WordPress, Joomla, Drupal, Prestashop, etc…
Proteger WordPress con Fail2ban (y otros CMS)
Creamos el archivo «webexploits.conf» en la carpeta «filter.d«.
nano /etc/fail2ban/filter.d/webexploits.conf
Copia y pega lo siguiente:
# Fail2Ban Web Exploits Filter
[Definition]
failregex = ^<HOST> -.*(GET|POST|HEAD).*(/.git/config)
^<HOST> -.*(GET|POST|HEAD).*(/:8880/)
^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv1/_static/image/favicon.ico)
^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv1/_static/ts2/layout.css)
^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv2/_static/ts2/layout.css)
^<HOST> -.*(GET|POST|HEAD).*(/Admin/Common/HelpLinks.xml)
^<HOST> -.*(GET|POST|HEAD).*(/admin-console)
^<HOST> -.*(GET|POST|HEAD).*(/admin/inc/xml.xslt)
^<HOST> -.*(GET|POST|HEAD).*(/admin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/administrator/components/com_xcloner-backupandrestore/index2.php)
^<HOST> -.*(GET|POST|HEAD).*(/administrator/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/administrator/manifests/files/joomla.xml)
^<HOST> -.*(GET|POST|HEAD).*(/admin/mysql2/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/admin/mysql/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/admin/phpmyadmin2/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/admin/phpmyadmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/admin/phpMyAdmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/admin/pma/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/admin/PMA/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/ButtonImage/standard/componentmenu.gif)
^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/Dialog/dialog.js)
^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/ewebeditor.asp)
^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/SystemLabel/SiteConfig.htm)
^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/login_site.htm)
^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/manage_site.htm)
^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/save_template.htm)
^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/ThirdPartyTags/SiteFactory.xml)
^<HOST> -.*(GET|POST|HEAD).*(/app/home/skins/default/style.css)
^<HOST> -.*(GET|POST|HEAD).*(/app/js/source/wcmlib/WCMConstants.js)
^<HOST> -.*(GET|POST|HEAD).*(/apple-app-site-association)
^<HOST> -.*(GET|POST|HEAD).*(/app/Tpl/fanwe_1/js/)
^<HOST> -.*(GET|POST|HEAD).*(/_asterisk/)
^<HOST> -.*(GET|POST|HEAD).*(/bencandy.php)
^<HOST> -.*(GET|POST|HEAD).*(/blog/administrator/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/cgi-bin/php)
^<HOST> -.*(GET|POST|HEAD).*(/cgi-bin/php5)
^<HOST> -.*(GET|POST|HEAD).*(/cgi/common.cgi)
^<HOST> -.*(GET|POST|HEAD).*(/CGI/Execute)
^<HOST> -.*(GET|POST|HEAD).*(/check.proxyradar.com/azenv.php)
^<HOST> -.*(GET|POST|HEAD).*(/ckeditor/ckfinder/ckfinder.html)
^<HOST> -.*(GET|POST|HEAD).*(/ckeditor/ckfinder/install.txt)
^<HOST> -.*(GET|POST|HEAD).*(/ckfinder/ckfinder.html)
^<HOST> -.*(GET|POST|HEAD).*(/ckfinder/install.txt)
^<HOST> -.*(GET|POST|HEAD).*(/ckupload.php)
^<HOST> -.*(GET|POST|HEAD).*(/claroline/phpMyAdmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/clases.gone.php)
^<HOST> -.*(GET|POST|HEAD).*(/cms/administrator)
^<HOST> -.*(GET|POST|HEAD).*(/command.php)
^<HOST> -.*(GET|POST|HEAD).*(/components/com_adsmanager/js/fullnoconflict.js)
^<HOST> -.*(GET|POST|HEAD).*(/components/com_b2jcontact/css/b2jcontact.css)
^<HOST> -.*(GET|POST|HEAD).*(/components/com_b2jcontact/router.php)
^<HOST> -.*(GET|POST|HEAD).*(/components/com_foxcontact/js/jtext.js)
^<HOST> -.*(GET|POST|HEAD).*(/components/com_sexycontactform/assets/js/index.html)
^<HOST> -.*(GET|POST|HEAD).*(/console/auth/reg_newuser.jsp)
^<HOST> -.*(GET|POST|HEAD).*(/console/include/not_login.htm)
^<HOST> -.*(GET|POST|HEAD).*(/console/js/CTRSRequestParam.js)
^<HOST> -.*(GET|POST|HEAD).*(/console/js/CWCMDialogHead.js)
^<HOST> -.*(GET|POST|HEAD).*(/currentsetting.htm)
^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/Help/default.htm)
^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/ImageEditor/listfiles.aspx)
^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/Images/log.gif)
^<HOST> -.*(GET|POST|HEAD).*(/data/admin/ver.txt)
^<HOST> -.*(GET|POST|HEAD).*(/datacenter/downloadApp/showDownload.do)
^<HOST> -.*(GET|POST|HEAD).*(/db/)
^<HOST> -.*(GET|POST|HEAD).*(/dbadmin/)
^<HOST> -.*(GET|POST|HEAD).*(/dbadmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/db/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/deptWebsiteAction.do)
^<HOST> -.*(GET|POST|HEAD).*(/eams/static/scripts/grade/course/input.js)
^<HOST> -.*(GET|POST|HEAD).*(/editor/js/fckeditorcode_ie.js)
^<HOST> -.*(GET|POST|HEAD).*(/examples/file-manager.html)
^<HOST> -.*(GET|POST|HEAD).*(/examples/index.html)
^<HOST> -.*(GET|POST|HEAD).*(/fckeditor/editor/dtd/fck_dtd_test.html)
^<HOST> -.*(GET|POST|HEAD).*(/fckeditor/editor/js/fckeditorcode_ie.js)
^<HOST> -.*(GET|POST|HEAD).*(/FCK/editor/js/fckeditorcode_ie.js)
^<HOST> -.*(GET|POST|HEAD).*(/fckeditor/license.txt)
^<HOST> -.*(GET|POST|HEAD).*(/getcfg.php)
^<HOST> -.*(GET|POST|HEAD).*(/get_password.php)
^<HOST> -.*(GET|POST|HEAD).*(/.git/info/)
^<HOST> -.*(GET|POST|HEAD).*(/Hello.World)
^<HOST> -.*(GET|POST|HEAD).*(/hndUnblock.cgi)
^<HOST> -.*(GET|POST|HEAD).*(/images/login9/login_33.jpg)
^<HOST> -.*(GET|POST|HEAD).*(/include/dialog/config.php)
^<HOST> -.*(GET|POST|HEAD).*(/include/install_ocx.aspx)
^<HOST> -.*(GET|POST|HEAD).*(/includes/css/styles-2014-06-25.css)
^<HOST> -.*(GET|POST|HEAD).*(/includes/facebox/facebox.css)
^<HOST> -.*(GET|POST|HEAD).*(/index.action)
^<HOST> -.*(GET|POST|HEAD).*(/ip_js.php)
^<HOST> -.*(GET|POST|HEAD).*(/issmall/)
^<HOST> -.*(GET|POST|HEAD).*(/jenkins/script)
^<HOST> -.*(GET|POST|HEAD).*(/jm-ajax/upload_file/)
^<HOST> -.*(GET|POST|HEAD).*(/jmx-console)
^<HOST> -.*(GET|POST|HEAD).*(/Joomla/administrator)
^<HOST> -.*(GET|POST|HEAD).*(/joomla/administrator/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/js/tools.js)
^<HOST> -.*(GET|POST|HEAD).*(/libraries/sfn.php)
^<HOST> -.*(GET|POST|HEAD).*(/license.txt)
^<HOST> -.*(GET|POST|HEAD).*(/License.txt)
^<HOST> -.*(GET|POST|HEAD).*(login.destroy.session)
^<HOST> -.*(GET|POST|HEAD).*(/login/Jeecms.do)
^<HOST> -.*(GET|POST|HEAD).*(/logo_img.php)
^<HOST> -.*(GET|POST|HEAD).*(/maintlogin.jsp)
^<HOST> -.*(GET|POST|HEAD).*(/manager/html)
^<HOST> -.*(GET|POST|HEAD).*(/manager/status)
^<HOST> -.*(GET|POST|HEAD).*(/master/login.aspx)
^<HOST> -.*(GET|POST|HEAD).*(/media/com_hikashop/js/hikashop.js)
^<HOST> -.*(GET|POST|HEAD).*(/misc/drupal.js)
^<HOST> -.*(GET|POST|HEAD).*(/modules/attributewizardpro/config.xml)
^<HOST> -.*(GET|POST|HEAD).*(/modules/columnadverts/config.xml)
^<HOST> -.*(GET|POST|HEAD).*(/modules/fieldvmegamenu/config.xml)
^<HOST> -.*(GET|POST|HEAD).*(/modules/homepageadvertise2/config.xml)
^<HOST> -.*(GET|POST|HEAD).*(/modules/homepageadvertise/config.xml)
^<HOST> -.*(GET|POST|HEAD).*(/modules/index.html)
^<HOST> -.*(GET|POST|HEAD).*(/modules/mod_simplefileuploadv1.3/elements/udd.php)
^<HOST> -.*(GET|POST|HEAD).*(/modules/pk_flexmenu/config.xml)
^<HOST> -.*(GET|POST|HEAD).*(/modules/pk_vertflexmenu/config.xml)
^<HOST> -.*(GET|POST|HEAD).*(/modules/wdoptionpanel/config.xml)
^<HOST> -.*(GET|POST|HEAD).*(/msd)
^<HOST> -.*(GET|POST|HEAD).*(/msd1.24.4)
^<HOST> -.*(GET|POST|HEAD).*(/msd1.24stable)
^<HOST> -.*(GET|POST|HEAD).*(mstshash=NCRACK_USER)
^<HOST> -.*(GET|POST|HEAD).*(/muieblackcat)
^<HOST> -.*(GET|POST|HEAD).*(/myadmin2/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/myadmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/myadmin/scripts/setup.php)
^<HOST> -.*(GET|POST|HEAD).*(/MyAdmin/scripts/setup.php)
^<HOST> -.*(GET|POST|HEAD).*(/mysql-admin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/mysqladmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/mysqldumper)
^<HOST> -.*(GET|POST|HEAD).*(/mySqlDumper)
^<HOST> -.*(GET|POST|HEAD).*(/MySQLDumper)
^<HOST> -.*(GET|POST|HEAD).*(/mysql/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpadmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpma/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin/)
^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin0/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin1/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin2/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpMyadmin_bak/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin-old/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin/phpmyadmin/index.ph)
^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/phpMyAdmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpmyadmin/scripts/setup.php)
^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/scripts/setup.php)
^<HOST> -.*(GET|POST|HEAD).*(/plugins/anchor/anchor.js)
^<HOST> -.*(GET|POST|HEAD).*(/plugins/filemanager/filemanager/js)
^<HOST> -.*(GET|POST|HEAD).*(/plus/download.php)
^<HOST> -.*(GET|POST|HEAD).*(/plus/heightsearch.php)
^<HOST> -.*(GET|POST|HEAD).*(/plus/rssmap.html)
^<HOST> -.*(GET|POST|HEAD).*(/plus/sitemap.html)
^<HOST> -.*(GET|POST|HEAD).*(/pma/)
^<HOST> -.*(GET|POST|HEAD).*(/PMA/)
^<HOST> -.*(GET|POST|HEAD).*(/PMA2/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/pma/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/PMA/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/pmamy2/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/pmamy/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/pma-old/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/pma/scripts/setup.php)
^<HOST> -.*(GET|POST|HEAD).*(/pmd/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/privacy.txt)
^<HOST> -.*(GET|POST|HEAD).*(/resources/style/images/login/btn.png)
^<HOST> -.*(GET|POST|HEAD).*(/Scripts/jquery/maticsoft.jquery.min.js)
^<HOST> -.*(GET|POST|HEAD).*(/script/valid_formdata.js)
^<HOST> -.*(GET|POST|HEAD).*(/siteserver/login.aspx)
^<HOST> -.*(GET|POST|HEAD).*(/siteserver/upgrade/default.aspx)
^<HOST> -.*(GET|POST|HEAD).*(soap:Envelope)
^<HOST> -.*(GET|POST|HEAD).*(/stalker_portal/server/adm/tv-channels/iptv-list-json)
^<HOST> -.*(GET|POST|HEAD).*(/stalker_portal/server/adm/users/users-list-json)
^<HOST> -.*(GET|POST|HEAD).*(/stssys.htm)
^<HOST> -.*(GET|POST|HEAD).*(/sys.cache.php)
^<HOST> -.*(GET|POST|HEAD).*(/system/assets/jquery/jquery-2.x.min.js)
^<HOST> -.*(GET|POST|HEAD).*(/template/1/bluewise/_files/jspxcms.css)
^<HOST> -.*(GET|POST|HEAD).*(/templates/jsn_glass_pro/ext/hikashop/jsn_ext_hikashop.css)
^<HOST> -.*(GET|POST|HEAD).*(/test_404_page/)
^<HOST> -.*(GET|POST|HEAD).*(/test_for_404/)
^<HOST> -.*(GET|POST|HEAD).*(:Test Wuz Here)
^<HOST> -.*(GET|POST|HEAD).*(/tmUnblock.cgi)
^<HOST> -.*(GET|POST|HEAD).*(/tools/phpMyAdmin/index.ph)
^<HOST> -.*(GET|POST|HEAD).*(/typo3/phpmyadmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/uc_server/control/admin/db.php)
^<HOST> -.*(GET|POST|HEAD).*(/update.php)
^<HOST> -.*(GET|POST|HEAD).*(/upload/bank-icons/)
^<HOST> -.*(GET|POST|HEAD).*(/UserCenter/css/admin/bgimg/admin_all_bg.png)
^<HOST> -.*(GET|POST|HEAD).*(/.user.ini)
^<HOST> -.*(GET|POST|HEAD).*(/user/register?element_parents=account)
^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/antimatter.js)
^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/modernizr.custom.71422.js)
^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/slidebars.min.js)
^<HOST> -.*(GET|POST|HEAD).*(/w00tw00t.at.blackhats.romanian.anti-sec)
^<HOST> -.*(GET|POST|HEAD).*(/w00tw00t.at.ISC.SANS.DFind)
^<HOST> -.*(GET|POST|HEAD).*(/webbuilder/script/locale/wb-lang-zh_CN.js)
^<HOST> -.*(GET|POST|HEAD).*(/web-console)
^<HOST> -.*(GET|POST|HEAD).*(/webdav)
^<HOST> -.*(GET|POST|HEAD).*(/web/phpMyAdmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/.well-known/apple-app-site-association)
^<HOST> -.*(GET|POST|HEAD).*(/.well-known/assetlinks.json)
^<HOST> -.*(GET|POST|HEAD).*(/.well-known/security.txt)
^<HOST> -.*(GET|POST|HEAD).*(/whir_system/login.aspx)
^<HOST> -.*(GET|POST|HEAD).*(/whir_system/module/security/login.aspx)
^<HOST> -.*(GET|POST|HEAD).*(/wls-wsat/CoordinatorPortType)
^<HOST> -.*(GET|POST|HEAD).*(/wpbase/url.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/accesspress-anonymous-post-pro/js/admin-extra.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/advanced-ajax-page-loader/reload_code.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/another-wordpress-classifieds-plugin/AWPCP.po)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/apikey/apikey.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/apikey/debug-wp.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/boxit/upload.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/cacheformwp.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/cardoza-facebook-like-box/admin_cardozafacebook.css)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/category-grid-view-gallery/cat_grid.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/cherry-plugin/admin/css/cherry-admin-plugin.css)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/cherry-plugin/admin/js/cherry-admin-plugin.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/cimy-user-extra-fields/README_OFFICIAL.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/contact-form-7/license.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/custom-content-type-manager/index.html)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/delete-all-comments/backup/bp.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/delete-all-comments/delete-all-comments.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/dzs-videogallery/admin/admin_global.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/dzs-zoomsounds/admin/upload.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/font-uploader/fontFunctions/fu_script.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/font-uploader/font-uploader-free.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/formidable/css/frm_fonts.css)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/front-end-upload/destination.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/front-file-manager/readme.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/gallery-plugin/css/stylesheet.css)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/gallery-plugin/gallery-plugin.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/gallery-slider/register.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/gravityforms/css/preview.css)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/jetpack/class.jetpack-ixr-client.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/jssor-slider/assets/css/system-message.css)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/mac-dock-gallery/bugslist.tx)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/mac-dock-gallery/bugslist.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/magic-fields/MF_Constant.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/mailpress/mp-includes/action.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/mailpress/mp-includes/js/mp_thickbox.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/nextgen-gallery/changelog.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/ninja-forms/ninja_forms.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/nmedia-user-file-uploader/readme.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/php-event-calendar/js/file-uploader/app.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/real3d-flipbook/js/share.min.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/resume-submissions-job-postings/installer.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/showbiz/css/post_settings.css)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/simple-dropbox-upload-form/index.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/css/jquery.lightbox.css)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/user-avatar/readme.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/user-meta/readme.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/userpro/css/userpro-editor.css)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/website-contact-form-with-file-upload/js/nm-global.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/woocommerce-catalog-enquiry/assets/frontend/css/frontend.css)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/woocommerce-catalog-enquiry/assets/frontend/js/chosen.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/woocommerce-product-addon/js/nm-global.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-copysafe-pdf/lib/uploadify/uploadify.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-e-commerce/license.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-editor/readme.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-filemanager/fm.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-handy-lightbox/begin.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-homepage-slideshow/functions.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-image-news-slider/functions.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-mailinglist/vendors/uploadify/upload.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wpmarketplace/readme.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-property/action_hooks.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-ps.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wpstorecart/lgpl.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-support-plus-responsive-ticket-system/asset/js/admin.js)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wp-symposium/readme.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/wysija-newsletters/readme.txt)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/themes/deep-blue/megaframe/megapanel/inc/functions.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/themes/directorypress/thumbs/67-43-2013-05-14517625.pdf)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/themes/kahuna/resources/images/headers/lunch.jpg)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/themes/twentyeleven/404.php)
^<HOST> -.*(GET|POST|HEAD).*(/wp-content/themes/u-design/style.css)
^<HOST> -.*(GET|POST|HEAD).*(/wp-includes/wlwmanifest.xml)
^<HOST> -.*(GET|POST|HEAD).*(/wp-login.php)
^<HOST> -.*(GET|POST|HEAD).*(/www/phpMyAdmin/index.php)
^<HOST> -.*(GET|POST|HEAD).*(\x00Cookie:)
^<HOST> -.*(GET|POST|HEAD).*(\x22cache_name_function)
^<HOST> -.*(GET|POST|HEAD).*(\x22JDatabaseDriverMysqli)
^<HOST> -.*(GET|POST|HEAD).*(\x22JSimplepieFactory)
^<HOST> -.*(GET|POST|HEAD).*(\x22sanitize)
^<HOST> -.*(GET|POST|HEAD).*(\x22SimplePie)
^<HOST> -.*(GET|POST|HEAD).*(\x5C0disconnectHandlers)
^<HOST> -.*(GET|POST|HEAD).*(/xampp/phpmyadmin/index.php)
ignoreregex =El archivo «webexploits.conf» que te propongo es bastante completo (los CMS más utilizados), aun así puedes borrar o agregar rutas que te interesen ser protegidas.
Guarda el archivo y cierra el editor.
Ahora creamos el «jail«, por tanto debemos editar el archivo «jail.local» (asegúrate de insertar el jail correcto dependiendo si usas apache o nginx).
Editamos el archivo:
nano /etc/fail2ban/jail.local
Si utilizamos Apache, copia y pega lo siguiente:
[webexploits] enabled = true port = http,https filter = webexploits logpath = %(apache_access_log)s maxretry = 3
Si es Nginx, copia y pega lo siguiente:
[webexploits] enabled = true port = http,https filter = webexploits logpath = %(nginx_access_log)s maxretry = 3
Guarda el archivo y cierra el editor.
Ya lo tenemos… solo falta reiniciar Fail2ban.
sudo service fail2ban stop && sudo service fail2ban start
Espero te resulte útil este articulo, compártelo.
En sí, el FAIL2BAN es una excelente herramienta, una primera barrera de protección para cualquier servicio.
Al principio cuesta adaptarse a ser consciente de los tantos ataques que son sometidos los servidores y los avisos de alerta que te ofrece FAIL2BAN, pero con el tiempo los mitigas pero ojo, no bajas la guarda.