Page 1 of 1
Drupal / Wordpress and other cms protection
Posted: 09 Dec 2014, 18:27
by rpr
Hi,
is there a way to ban users who are trying to bruteforce drupal / wordpress or other cms installations. For fail2ban you have options but does csf has options to counter this?
Re: Drupal / Wordpress and other cms protection
Posted: 14 Jan 2015, 13:47
by verdonv
For wordpress, there is a fail2ban plugin, which will write wordpress failed logins to your system log. You can then use a custom regex in CSF/LFD to block them. Search the forums here. There is an example, specifically for this scenario, that works just fine. There is also a sticky post at the top of the forum about using custom regexes in general... very useful!
Re: Drupal / Wordpress and other cms protection
Posted: 14 Jan 2015, 14:03
by verdonv
Re: Drupal / Wordpress and other cms protection
Posted: 14 Jan 2015, 14:12
by rpr
Found the drupal fail2ban but that's another program to do the same thing. It is possible in CSF. I saw it.
Re: Drupal / Wordpress and other cms protection
Posted: 14 Jan 2015, 15:03
by verdonv
In the wordpress scenario, fail2ban is just the name of a wp plugin to write login attempts to syslog... fail2ban itself is not actually being used. Ultimately, you can point a custom regex in LFD to monitor any log you like, and act upon that.