#1 2022-07-23 12:41:16

mendip_discovery
Member
Mendip Hills, Somerset, UK
2012-05-19
91

Fail2ban Jail and Filter

Afternoon all,

I would like to know if anyone would share their Jail and Filter setups for Fail2Ban. I have recently upgraded my VPS and I am going through the process of getting everything set up. Turns out there are a lot of script kiddies out there trying to hack websites.


Thanks

Offline

 

#2 2025-02-27 13:53:43

le78ld
Member
2025-02-27
1

Re: Fail2ban Jail and Filter

Hello,

I'm a bit late to answer, but I hope it helps. Here is my setup.
Disclaimer: This is only my setup. It comes with no warranty.

I filtered anything related to logging on the Apache access log. Sadly I could not differentiate between a failed and a successful attempt. So I had to increase the number of retries to avoid false positives.

Here is my filter:

Code:

# /etc/fail2ban/filter.d/piwigo.conf
# Fail2Ban configuration file
#
# Regexp to catch authentication attempts on Piwigo
#
# Protects:
#  - identification.php         -> Brute-force username/pass combination
#  - password.php               -> Probe for username/email
#  - register.php               -> Probe for username/email


[Definition]

failregex =     ^<HOST> -.*"POST \/identification\.php(\?.*)? .*HTTP.*"
                ^<HOST> -.*"POST \/password\.php(\?.*)? .*HTTP.*"
                ^<HOST> -.*"POST \/register\.php(\?.*)? .*HTTP.*"

ignoreregex =

datepattern =  ^[^\[]*\[({DATE})
              {^LN-BEG}

And for the jail:

Code:

# /etc/fail2ban/jail.d/piwigo
[piwigo]
enabled = true
port = 80,443
protocol = tcp
filter = piwigo
backend = auto
logpath = /var/log/apache2/access.log
maxretry = 10

Tell me if you have any idea on how to improve it :)

Offline
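
An offline check of the filter above against constructed access-log lines (added example, not part of le78ld's post). It assumes a simplified stand-in for `<HOST>`, ignores findtime, and uses constructed log lines, addresses and status codes. It shows that the patterns count every POST to the three scripts whatever the status code, and that a request under a sub-directory such as /gallery/ is not matched.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (the real expansion is stricter).
HOST = r"(?P<host>\S+)"

# The three failregex lines from the filter above, unchanged apart from <HOST>.
FAILREGEX = [
    r'^<HOST> -.*"POST \/identification\.php(\?.*)? .*HTTP.*"',
    r'^<HOST> -.*"POST \/password\.php(\?.*)? .*HTTP.*"',
    r'^<HOST> -.*"POST \/register\.php(\?.*)? .*HTTP.*"',
]
COMPILED = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]
MAXRETRY = 10  # from the jail above


def matched_host(line):
    """Return the client address if any failregex matches, else None."""
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Count matching lines per host; findtime is ignored for brevity."""
    hits = Counter(h for h in map(matched_host, lines) if h)
    return sorted(h for h, n in hits.items() if n >= maxretry)


def log(ip, request, status):
    """Build one constructed line in Apache combined log format."""
    return (f'{ip} - - [27/Feb/2025:13:50:00 +0100] "{request} HTTP/1.1" '
            f'{status} 512 "-" "constructed-agent"')


# Constructed sample traffic (documentation-range addresses).
SAMPLE = (
    [log("203.0.113.5", "POST /identification.php", 200)] * 10
    + [log("198.51.100.7", "POST /identification.php", 302)] * 2
    + [log("198.51.100.7", "GET /identification.php", 200)] * 20
    + [log("192.0.2.9", "POST /gallery/identification.php", 200)] * 15
)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE))
```

On a live system, `fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/piwigo.conf` runs the real filter, with the real `<HOST>` expansion, against the real log.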

 
