ConfigServer Community Forum

In the wordpress scenario, fail2ban is just the name of a wp plugin to write login attempts to syslog... fail2ban itself is not actually being used. Ultimately, you can point a custom regex in LFD to monitor any log you like, and act upon that.

I think you also have to restart LFD

service lfd restart

Here's the wordpress info
viewtopic.php?f=6&t=6663&p=23704

For wordpress, there is a fail2ban plugin, which will write wordpress failed logins to your system log. You can then use a custom regex in CSF/LFD to block them. Search the forums here. There is an example, specifically for this scenario, that works just fine. There is also a sticky post at the top ...

Same for me on a brand new CentOS 6.5 server. I've installed CSF on several servers in the past, and have never seen anything like this 600 emails overnight, reporting apache, postfix, and more... all seemingly legitimate. I've never had to specifically ignore any processes before.

Deleted

Not sure what I was doing wrong the other day, but this is working now.

Deleted

Hi, Is there something I need to do to enable the custom regex? I have installed "WP fail2ban". I have verified that failed logins are being written to /var/log/messages. I have added the regex if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /Authentication failure for (\S+) from ([\d....