Afternoon all,
I would like to know if anyone would share their jail and filter setups for Fail2Ban. I have recently upgraded my VPS and am going through the process of getting everything set up. Turns out there are a lot of script kiddies out there trying to hack websites.
Thanks
Hello,
I'm a bit late to answer, but I hope it helps. Here is my setup.
Disclaimer: This is only my setup. It comes with no warranty.
I filtered anything related to logging on in the Apache access log. Sadly, I could not differentiate between failed and successful attempts, so I had to increase the number of retries to avoid false positives.
Here is my filter:
# /etc/fail2ban/filter.d/piwigo.conf
# Fail2Ban configuration file
#
# Regexp to catch authentication attempts on Piwigo
#
# Protects:
# - identification.php -> Brute-force username/pass combination
# - password.php -> Probe for username/email
# - register.php -> Probe for username/email
[Definition]
# Continuation lines of a multi-line option must be indented.
failregex = ^<HOST> -.*"POST \/identification\.php(\?.*)? .*HTTP.*"
            ^<HOST> -.*"POST \/password\.php(\?.*)? .*HTTP.*"
            ^<HOST> -.*"POST \/register\.php(\?.*)? .*HTTP.*"
ignoreregex =
# Apache access log: the timestamp is the first bracketed field;
# {^LN-BEG} is the fallback for lines that start with the date.
datepattern = ^[^\[]*\[({DATE})
              {^LN-BEG}
And for the jail:
# /etc/fail2ban/jail.d/piwigo
[piwigo]
enabled = true
port = 80,443
protocol = tcp
filter = piwigo
backend = auto
logpath = /var/log/apache2/access.log
maxretry = 10
Tell me if you have any idea on how to improve it :)
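As an added example (not code from the post above, Piwigo or fail2ban), here is a small Python script that runs the three failregex lines against constructed Apache access-log lines, roughly what `fail2ban-regex` reports, so you can confirm the filter matches POSTs to the three scripts and nothing else. It assumes the classic fail2ban expansion of the `<HOST>` tag and ignores `findtime`.

```python
# Added example (not from the post above): run the piwigo.conf failregex lines
# against constructed Apache log lines, roughly what `fail2ban-regex` reports.
import re
from collections import Counter
from typing import Optional

# The three failregex lines from the piwigo.conf filter.
FAILREGEX = [
    r'^<HOST> -.*"POST \/identification\.php(\?.*)? .*HTTP.*"',
    r'^<HOST> -.*"POST \/password\.php(\?.*)? .*HTTP.*"',
    r'^<HOST> -.*"POST \/register\.php(\?.*)? .*HTTP.*"',
]
# Assumption: the classic fail2ban expansion of the <HOST> tag (IPv4 / hostname;
# newer fail2ban releases use a richer pattern that also covers IPv6).
HOST_TAG = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"
COMPILED = [re.compile(rx.replace("<HOST>", HOST_TAG)) for rx in FAILREGEX]


def match_host(line: str) -> Optional[str]:
    """Return the client address if any failregex matches the line, else None."""
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def count_hits(lines) -> Counter:
    """Matching POSTs per client address: the count fail2ban compares with maxretry."""
    return Counter(h for h in map(match_host, lines) if h)


def hosts_over_limit(lines, maxretry: int = 10) -> list:
    """Addresses that reached maxretry (findtime is ignored here for brevity)."""
    return sorted(h for h, n in count_hits(lines).items() if n >= maxretry)


# Constructed sample lines (Apache combined log format, documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /identification.php HTTP/1.1" 302 412 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "POST /identification.php?redirect=index HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:02:00 +0000] "GET /identification.php HTTP/1.1" 200 4011 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:02:30 +0000] "POST /password.php HTTP/1.1" 200 3880 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2024:10:03:00 +0000] "POST /register.php HTTP/1.1" 200 3000 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for host, n in count_hits(SAMPLE_LOG).items():
        print(f"{host}: {n} matching POST(s)")
    print("over maxretry=2:", hosts_over_limit(SAMPLE_LOG, maxretry=2))
```

Note that the GET of identification.php is not counted, while the POST with a query string is, which is the behaviour the `(\?.*)?` group is there for.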