Nginx
我正在嘗試使用 fail2ban 對 /xmlrpc.php 進行暴力破解
我遇到了很多失敗的訪問失敗:
185.103.252.174 - - [28/Apr/2016:15:09:16 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" 173.246.56.51 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" 185.103.252.173 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" 23.226.36.2 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" 23.226.36.2 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" 185.103.252.173 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" 148.251.184.222 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" 148.251.184.222 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" 148.251.184.222 - - [28/Apr/2016:15:09:18 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
我的**/etc/fail2ban/filter.d/wordpress-auth.conf**:
[Definition] failregex = <HOST>.*POST.*xmlrpc\.php.* 499
在我的**/etc/fail2ban/jail.conf**:
[wordpress] enabled = true port = http,https filter = wordpress-auth logpath = /var/log/nginx/access.log maxretry = 3 bantime = 86400
我已經重新啟動了fail2ban,但我沒有看到任何**$$ wordpress $$在我的/var/log/fail2ban.log**中。我究竟做錯了什麼?
好吧,它似乎正在工作,只是對日誌的反應很慢。