Blocking brute force attacks on Debian – Fail2ban

Install fail2ban for debian:

apt-get install fail2ban

Now create a new config file that you can modify safely:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now edit the following:

emacs /etc/fail2ban/jail.conf
bantime  = 86400
destemail = YOUREMAILADDRESS
action = %(action_mwl)s

Now restart fail2ban service:

service fail2ban restart

Configuring fail2ban with wordpress.
Get the plugin WP fail2ban

Activate it for your site
Go to the plugin’s folder, copy the .conf files:

cp public_html/wp-content/plugins/wp-fail2ban/filters.d/* /etc/fail2ban/filter.d/

Edit:

emacs /etc/fail2ban/jail.local

Add the following:

[wordpress-hard]
enabled = true
filter = wordpress-hard
logpath = /var/log/wpauth.log
maxretry = 1

[wordpress-soft]
enabled = true
filter = wordpress-soft
logpath = /var/log/wpauth.log
maxretry = 3

Restart fail2ban:

rm /var/run/fail2ban/fail2ban.sock
service fail2ban restart

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.