• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Plesk Fail2Ban Rule for Joomla

T

t.van.der.plas

Basic Pleskian
Hi all,

i have been trying to add some custom rule to fail2ban to block joomla brute force attacks - the error.php in joomla logs directory show the following entries (ip is shown in full):

2021-08-24T13:47:54+00:00 INFO 1xx.1xx.3x.1xx joomlafailure Username and password do not match or you do not have an account yet. ("admin")

the ruleset should - at least as far as i understand fail2ban - look like this:

FILTER:
[Definition]
failregex = ^.*INFO <HOST>.*joomlafailure.*(Benutzername|Username).*

JAIL:
[joomla-login-errors]
enabled = true
filter = joomla-login-errors
action = iptables-multiport[name="joomla-login-errors", port="http,https"]
logpath = /var/www/vhosts/*/httpdocs/tmp/error.php
/var/www/vhosts/*/httpdocs/logs/error.php
/var/www/vhosts/*/httpdocs/administrator/logs/error.php
maxretry = 3

unfortunately, those attempts are not blocked - did some of you guys succeed in defining a joomla jail?
 
You can vote for this feature here Fail2ban Joomla Login Support
And please pay attention to this comment:

This is impossible. Because Joomla returns an HTTP 200 when a login fails, where WordPress (as it should) returns a 401. Fail2Ban checks for those 401 return codes and bans accordingly.

Because Joomla always returns 200 (regardless of whether the login succeeded or not) there is no way to check for failed logins.
 
Hi Igor,

many thanks - in the feature request you mentioned, there was some comment:

You can use Fail2ban with Joomla, but will need a regx creating to read joomla logs
/var/www/vhosts/*/httpdocs/log/error.php

so íve been trying to get this up & running somehow
 
You must log in or register to reply here.

Similar threads

wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
2K
mizar
mizar
andreios
Issue Fail2ban WordPress login detection doesn't work and fail2ban couldn't be configured trough Plesk
Replies
2
Views
975
andreios
andreios
S
Issue Filter for plesk-wordpress jail does not work, any ideas?
Replies
1
Views
790
AYamshanov
AYamshanov
S
Resolved Problem tuning fail2ban
Replies
5
Views
10K
nisamudeen97
nisamudeen97
P
Input plesk fail2ban missing some important filter rules
Replies
2
Views
2K
PeterKi
P
Back
Top