我正在嘗試使用 fail2ban 對 /xmlrpc.php 進行暴力破解

April 28, 2016

我遇到了很多失敗的訪問失敗：

185.103.252.174 - - [28/Apr/2016:15:09:16 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
173.246.56.51 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
185.103.252.173 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
23.226.36.2 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
23.226.36.2 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
185.103.252.173 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
148.251.184.222 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
148.251.184.222 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
148.251.184.222 - - [28/Apr/2016:15:09:18 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"

我的**/etc/fail2ban/filter.d/wordpress-auth.conf**：

[Definition]
failregex = &lt;HOST&gt;.*POST.*xmlrpc\.php.* 499

在我的**/etc/fail2ban/jail.conf**：

[wordpress]
enabled  = true
port     = http,https
filter   = wordpress-auth
logpath  = /var/log/nginx/access.log
maxretry = 3
bantime  = 86400

我已經重新啟動了fail2ban，但我沒有看到任何**$$ wordpress $$在我的/var/log/fail2ban.log**中。我究竟做錯了什麼？

好吧，它似乎正在工作，只是對日誌的反應很慢。

引用自：https://serverfault.com/questions/773700

我正在嘗試使用 fail2ban 對 /xmlrpc.php 進行暴力破解

相關問答

緩解 HTTP 氾濫和 Wordpress pingback DDoS

nginx 一個站點重定向到另一個站點

配置 NGINX：用於帶有 nextjs 的 Wordpress Headless

使用 NGINX limit_req_zone 僅對首頁進行速率限制

nginx 為某些路由設置條件反向代理

Fail2ban ipset - 使用哪個 conf？