This matches the log that you posted, but then again the one you posted
also works with the log that you posted. Have you tested yours with
fail2ban-regex?

failregex = <HOST> .*\"POST [^\"]+\" (\d){3} (\d){3}.*$

On Sat, 2015-08-29 at 10:49 +0100, linuxthefish wrote:

> Hi,
> 
> I have my wordpress website login page spammed with login attempts,
> and I am trying to block these using fail2ban.
> 
> The brute force login attempts look like this:
> 
> 82.165.197.140 - - [29/Aug/2015:05:35:42 -0400] "POST /wp-login.php HTTP/1.0" 500 251
> 82.165.197.140 - - [29/Aug/2015:05:35:42 -0400] "POST /wp-login.php HTTP/1.0" 500 251
> 185.73.202.122 - - [29/Aug/2015:05:35:42 -0400] "POST /wp-login.php HTTP/1.0" 200 3587
> 82.165.197.140 - - [29/Aug/2015:05:35:43 -0400] "POST /wp-login.php HTTP/1.0" 500 251
> 103.26.108.11 - - [29/Aug/2015:05:35:43 -0400] "POST /wp-login.php HTTP/1.0" 301 -
> 82.165.197.140 - - [29/Aug/2015:05:35:43 -0400] "POST /wp-login.php HTTP/1.0" 500 251
> 82.165.197.140 - - [29/Aug/2015:05:35:44 -0400] "POST /wp-login.php HTTP/1.0" 500 251
> 82.165.197.140 - - [29/Aug/2015:05:35:44 -0400] "POST /wp-login.php HTTP/1.0" 500 251
> 82.165.197.140 - - [29/Aug/2015:05:35:44 -0400] "POST /wp-login.php HTTP/1.0" 500 251
> 82.165.197.140 - - [29/Aug/2015:05:35:45 -0400] "POST /wp-login.php HTTP/1.0" 500 251
> 82.165.197.140 - - [29/Aug/2015:05:35:45 -0400] "POST /wp-login.php HTTP/1.0" 500 251
> 
> I have the regex "<HOST> .*\"POST [^\"]+\" 500.*" but I don't think
> it's working, is this right?
> 
> Also can I have more than one regex for each jail, like this?
> 
> failregex = <HOST> .*\"POST [^\"]+\" 500.*
> failregex = <HOST> .*\"POST [^\"]+\" 302.*
> 
> Thanks,
> Edmund
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
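
Added example (not part of the original thread, and not fail2ban's own code): a small Python check, in the spirit of fail2ban-regex, that loads a multi-line failregex value and reports which hosts from the quoted log each pattern flags. The filter text, the IPv4-only stand-in for <HOST>, and the function names are assumptions made for illustration.

```python
import configparser
import re

# Constructed filter file. fail2ban's filter format takes several patterns
# as one failregex value, one pattern per indented continuation line.
FILTER = r'''
[Definition]
failregex = <HOST> .*\"POST [^\"]+\" 500.*
            <HOST> .*\"POST [^\"]+\" (\d){3} (\d){3}.*$
'''

# Sample lines copied from the access log quoted in the thread.
LOG = [
    '82.165.197.140 - - [29/Aug/2015:05:35:42 -0400] "POST /wp-login.php HTTP/1.0" 500 251',
    '185.73.202.122 - - [29/Aug/2015:05:35:42 -0400] "POST /wp-login.php HTTP/1.0" 200 3587',
    '103.26.108.11 - - [29/Aug/2015:05:35:43 -0400] "POST /wp-login.php HTTP/1.0" 301 -',
]

# Assumption: <HOST> is approximated by an IPv4-only named group; fail2ban's
# own expansion is broader (it also accepts hostnames).
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'


def load_failregex(text):
    """Return the compiled patterns listed in [Definition] failregex."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    raw = cp.get('Definition', 'failregex')
    # Each non-empty line of the value is one independent pattern.
    return [re.compile(p.strip().replace('<HOST>', HOST))
            for p in raw.splitlines() if p.strip()]


def matched_hosts(pattern, lines):
    """Return the host captured from every line the pattern matches."""
    return [m.group('host') for m in map(pattern.search, lines) if m]


if __name__ == '__main__':
    for rx in load_failregex(FILTER):
        print(rx.pattern, '->', matched_hosts(rx, LOG))
```

The second pattern does not pin the status code, so it also flags the "200 3587" line: (\d){3} consumes "358" and .* takes the trailing "7".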

