Author: Rodrigo Campos Date: To: Jan Henkins CC: users Subject: Re: [bitfolk] Security incident: Wordpress compromise
On Mon, Oct 05, 2015 at 12:05:53AM +0100, Jan Henkins wrote: > Hello Ian and all
>
> On 04/10/15 21:09, Ian wrote:
> >Rodrigo Campos said:
> >
> >>wp-fail2ban can be used with IPv4, IPv6 and doesn't take into account
> >>the login
> >>that worked ok. So, no need to the the trick described there with so
> >>many
> >>disadvantages.
> >
> >Pointing fail2ban at any access of wp-login.php?
> >
> >Apart from expecting that people can get their own password right within a
> >few tries, I am not sure what the 'so many disadvantages' are.
>
>
> I have tested the fail2ban idea as set out in the WIKI article[1], but did
> not have any luck with it. What Rodrigo actually pointed out is that there
> is a plugin for WP called "wp fail2ban", which actually works rather well.
> The "many disadvantages" he refered to is also not completely clear to me,
I mean that the plugin should work with IPv6 and, as regular fail2ban filter,
just takes into account the failed actions.
The wiki instructions says those instructions don't work with IPv6 and "catches
any login attempt, successful or otherwise". Those are the disadvantages I
meant, the ones that the wiki says :)
