• Skip to content
  • Skip to primary sidebar
  • Skip to footer

Foliovision

Making the web work for you

Main navigation

  • Weblog
    • FV Player
    • WordPress
    • Video of the Week
    • Case Studies
    • Business
  • About
    • Testimonials
    • Meet the Team
    • We Support
    • Careers
    • Contact
    • Pricing
  • Products
  • Support
    • FV Player Docs
    • Pro Support
  • Login
  • Basket is empty

How to block repeated offenders with BusinessPress

Fail2Ban is a great tool to prevent password guessing on your server or website. However we always run into the issue that the limit was either too high or low. What it really needs is a way of banning the users who try again and again forever.

When banning an IP forever you have to be extra careful to not ban Googlebot or other important web crawler.

  1. Create /usr/local/bin/ignore_ip_check.sh which resolves the IP to see if it’s any known web crawler that must not be banned.
#!/bin/bash
IP="$1"
HOSTRESULT=$(host -W 1 ${IP})
REGEX='.*(googlebot\.com|google\.com|search\.msn\.com|yandex\.ru|yandex\.net|yandex\.com)\.$'
if [[ "$HOSTRESULT" =~ $REGEX ]]; then exit 0; else exit 1; fi
  1. Make sure other users can execute it using chmod u+x /usr/local/bin/ignore_ip_check.sh.

  2. Create the new Fail2Ban filter in /etc/fail2ban/filter.d/repeated.conf:

# Fail2Ban configuration file
#
# Author: Foliovision
#

[INCLUDES]

before = common.conf


[Definition]

_daemon = fail2ban\.actions\s*

failregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?:sshd|wordpress)\]\s+Ban\s+<HOST>\s*$

This file gives Fail2Ban the regex to use for log file parsing.

  1. Create the new Fail2Ban jail in /etc/fail2ban/jail.d/repeated.conf.
[repeated]
enabled = true
filter = repeated 
logpath = /var/log/fail2ban.log
port = http,https

maxretry = 3 
findtime = 86400 
bantime = 5184000 

ignoreip = 127.0.0.1 {your server IP}
ignorecommand = /usr/local/bin/ignore_ip_check.sh <ip>

This file tells Fail2Ban which file to scan – it’s the actual Fail2Ban log file!

  1. Run fail2ban-client reload and fail2ban-client status, you should now see repeated in the list:
# fail2ban-client status
Status
|- Number of jail:  4
`- Jail list:   repeated, sshd, waf, wordpress
  1. Now you can try to guess the password too many times (use your VPN or a spare server), then unban the IP using fail2ban-client, try to guess the password once again and you should find the IP on the fail2ban-client status repeated block list.

Reader Interactions

Primary Sidebar

My Account

  • My Licenses
  • My Profile
  • Invoices
  • Affiliate Area
  • Log Out

BusinessPress

  1. How to setup login protection
  2. How to block repeated offenders
  3. How to block malicious web requests

Footer

Our Plugins

  • FV WordPress Flowplayer
  • FV Thoughtful Comments
  • FV Simpler SEO
  • FV Antispam
  • FV Gravatar Cache
  • FV Testimonials

Free Tools

  • Pandoc Online
  • Article spinner
  • WordPress Password Finder
  • Delete LinkedIn Account
  • Responsive Design Calculator
Foliovision logo
All materials © 2023 Foliovision s.r.o. | Panská 12 - 81101 Bratislava - Slovakia | info@foliovision.com
  • This Site Uses Cookies
  • Privacy Policy
  • Terms of Service
  • Site Map
  • Contact
  • Tel. ‭+421 2/5292 0086‬

We are using cookies to give you the best experience on our website.

You can find out more about which cookies we are using or switch them off in settings.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Necessary Cookies

Strictly Necessary Cookie allow you to log in and download your software or post to forums.

We use the WordPress login cookie and the session cookie.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

Support Cookies

Foliovision.com uses self-hosted Rocket.chat and self-hosted Freescout support desk to provide support for FV Player users. These cookies allow our visitors to chat with us and/or submit support tickets.

We are delighted to recommend self-hosted Rocket.chat and especially Freescout to other privacy-conscious independent publishers who would prefer to self-host support.

Please enable Strictly Necessary Cookies first so that we can save your preferences!

3rd Party Cookies

This website uses Google Analytics and Statcounter to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

We reluctantly use Google Analytics as it helps us to test FV Player against popular Google Analytics features. Feel free to turn off these cookies if they make you feel uncomfortable.

Statcounter is an independent Irish stats service which we have been using since the beginning of recorded time, sixteen years ago.

Please enable Strictly Necessary Cookies first so that we can save your preferences!