Hi,
As you may already know, I am still trying to migrate my virtual servers from cPanel to Virtualmin. I tried to use fail2ban in order to protect my WordPress virtual servers, but unfortunately this causes extremely high CPU loads on my server. (Any opinion about this will be appreciated; I had fail2ban installed on my previous cPanel server without problems.)
After this I decided to remove fail2ban and I installed CSF. With a little research I found a post saying that in order to protect WordPress sites from brute-force login attempts you have to add this to regex.custom.pm:
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
return ("Failed WordPress login from",$1,"wordpress","5","80,443","3600");
}
and afterwards add the custom log that CSF/LFD will monitor. I tried to do it, but I think that CSF doesn't block failed logins. I added this to csf.conf:
CUSTOM1_LOG = "/var/log/virtualmin/*access_log"
Is my path correct? Any other suggestion or easier way to protect my WordPress websites?
Thank you
Alex
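An added example, not part of the original post and not CSF's own code: a Python replay of the rule above over constructed access-log lines, showing what the regex matches and which address reaches the trigger level. The function names and sample lines are assumptions, and lfd's counting interval is not modelled.

```python
import re
from collections import Counter

# Regex copied from the regex.custom.pm rule in the post; this pattern
# means the same thing to Python's re module as it does to Perl.
RULE = re.compile(r'(\S+).*] "POST /wp-login\.php.*" 200')
TRIGGER = 5  # the "5" in the rule's return list (trigger level)

# Constructed sample lines in Apache combined log format.
# Addresses are from the documentation ranges (RFC 5737).
FAILED = ('203.0.113.7 - - [14/Apr/2020:17:0{}:10 +0000] '
          '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.58.0"')
SAMPLE_LOG = [FAILED.format(i) for i in range(5)] + [
    # One wrong password, then a successful login (WordPress answers 302).
    '198.51.100.20 - - [14/Apr/2020:17:06:01 +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [14/Apr/2020:17:06:09 +0000] '
    '"POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    # Only loading the login form is a GET and is ignored by the rule.
    '192.0.2.9 - - [14/Apr/2020:17:07:00 +0000] '
    '"GET /wp-login.php HTTP/1.1" 200 2810 "-" "Mozilla/5.0"',
]

def failed_logins(lines):
    """Count, per captured address, the lines the rule would match."""
    hits = Counter()
    for line in lines:
        m = RULE.search(line)
        if m:
            hits[m.group(1)] += 1
    return hits

def would_block(lines, trigger=TRIGGER):
    """Addresses whose match count reaches the trigger level."""
    return sorted(ip for ip, n in failed_logins(lines).items() if n >= trigger)

if __name__ == "__main__":
    print(dict(failed_logins(SAMPLE_LOG)))
    print(would_block(SAMPLE_LOG))
```

Feeding it real lines from the file named in CUSTOM1_LOG shows whether the rule matches that log's format at all and whether the first field it captures is the client address.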
Comments
Submitted by alstam on Tue, 04/14/2020 - 17:54 Pro Licensee Comment #1
Hi,
I remember doing it for my production server and I don't think it supported wildcards in the path.
For that to work you would need to make sure that failed login attempts are actually written to the access_log file.
I would just restrict access to the wp-login.php page with .htaccess. It's very easy and requires no resources. Google it. I would also check if there is a plugin that could do it. WordPress is very popular; if there is no such plugin let me know, I'll consider writing one.
It's outside of the scope of what Virtualmin support should do.
Submitted by alstam on Thu, 04/16/2020 - 02:25 Pro Licensee Comment #3
I know, but my customers and I need to log in and not everyone has a static IP. Besides this, I need to edit .htaccess every time, so I prefer a global solution. Fail2ban was perfect. Any idea what could cause high CPU loads on the server? Could this be related to the Virtualmin fail2ban module?
Thank you Ilia
You don't really need a static IP. You could password protect access to this file:
.. and then use CSF with ease to block IPs that failed http authentication based on Apache logs, with custom regex.
Was perfect for what? :D
No idea, as it depends.
No.
Submitted by alstam on Thu, 04/16/2020 - 07:29 Pro Licensee Comment #5
For blocking IPs that failed to log in to WordPress, in cooperation with the fail2ban redux plugin :-p
Thank you, I will try your way.