
In today's digital landscape, websites are frequent targets of attacks, which can result in data loss, disruption of services, or even theft of sensitive information. WordPress and other Content Management Systems (CMS) are popular targets among attackers due to their widespread use and sometimes inadequate security measures. One way to bolster the defense of these systems is by implementing the Fail2Ban tool on CentOS 7 servers. Fail2Ban monitors system logs and automatically blocks IP addresses attempting suspicious activities. This article provides detailed instructions on how to configure and use Fail2Ban to protect your CMS.

Installing Fail2Ban

Before proceeding, ensure Fail2Ban is installed on your CentOS 7 server. Installation can be done using the following commands in the terminal:

sudo yum install epel-release
sudo yum install fail2ban

After installation, enable and start the Fail2Ban service:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Configuring Fail2Ban for WordPress and Other CMS

Fail2Ban uses configuration files in .conf format. It's recommended not to edit these files directly but to create copies with the .local extension, which will override the default settings.

  1. Creating Custom Configuration: Copy the default configuration file jail.conf to a new file named jail.local:

    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
    
  2. Configuring jail.local: Open the jail.local file in a text editor and add a section for WordPress or any other CMS you wish to protect. For example, for WordPress, the configuration might look like this:

    [wordpress-hard]
    enabled  = true
    filter   = wordpress
    action   = iptables-multiport[name=WordPress, port="http,https"]
    logpath  = /var/log/httpd/*access_log
    maxretry = 3
    

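    This configuration defines a jail named wordpress-hard, which monitors the web server access logs (Apache in this case) for unsuccessful login attempts or other suspicious activity associated with WordPress, as defined by the wordpress filter. Once an address reaches maxretry (3) matches, it is blocked on the HTTP and HTTPS ports.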

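  3. Creating Custom Filter: Fail2Ban requires a corresponding filter for each jail, defining how to identify suspicious activity. Create a file /etc/fail2ban/filter.d/wordpress.conf and define patterns that match unauthorized access attempts. An example filter might look like this (note that it matches every POST request to /wp-login.php, whether or not the login succeeds):

    [Definition]
    # Anchored at line start so only the client address field is read as <HOST>
    failregex = ^<HOST> - - .*"POST /wp-login\.php
    ignoreregex =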
    

 

Running and Testing Fail2Ban

After completing the configuration, restart the Fail2Ban service to apply the changes:

sudo systemctl restart fail2ban

To verify that Fail2Ban is correctly configured and functioning, you can use the command:

sudo fail2ban-client status wordpress-hard

This command will display the status of the wordpress-hard jail, including the number of currently blocked IP addresses.
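
To see what the jail counts before relying on it, the following added example (not part of the original article or of Fail2Ban itself) replays constructed access-log lines against the wp-login.php filter in Python. The IPv4-only stand-in for `<HOST>`, the 600-second findtime and the sample addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = r'^<HOST> - - .*"POST /wp-login\.php'   # wp-login.php filter pattern
MAXRETRY = 3                                        # from the [wordpress-hard] jail
FINDTIME = timedelta(seconds=600)                   # assumption: 10-minute window

# Constructed Apache combined-format lines (documentation-range addresses).
SAMPLE_LOG = '''\
192.0.2.44 - - [10/Mar/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4012 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4012 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4012 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:00:06 +0000] "GET /wp-login.php HTTP/1.1" 200 3980 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4012 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:15:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4012 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4012 "-" "Mozilla/5.0"
'''

def simulate(log_text, failregex=FAILREGEX, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return (matches per IP, set of IPs reaching maxretry within findtime)."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    stamp = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] ?")
    hits, recent, banned = defaultdict(int), defaultdict(list), set()
    for line in log_text.splitlines():
        ts = stamp.search(line)
        if not ts:
            continue
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z")
        # fail2ban removes the timestamp it recognised before applying failregex
        m = pattern.search(stamp.sub("", line, count=1))
        if not m:
            continue
        ip = m.group("host")
        hits[ip] += 1
        # keep only matches still inside the findtime window, then add this one
        recent[ip] = [t for t in recent[ip] if when - t <= findtime] + [when]
        if len(recent[ip]) >= maxretry:
            banned.add(ip)
    return dict(hits), banned

if __name__ == "__main__":
    hits, banned = simulate(SAMPLE_LOG)
    print("matches per address:", hits)
    print("would be banned:", sorted(banned))
```

The 302 response from 198.51.100.20 is a successful login and still counts as a match, so legitimate users who log in repeatedly within findtime can reach maxretry. On the server itself, fail2ban-regex run against the access log and the filter file performs the same check with the real parser.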

 

Implementing Fail2Ban on a CentOS 7 server offers an effective way to protect WordPress and other CMS platforms against common attacks, such as brute-force attacks on login pages. With its flexible configuration, Fail2Ban can be adapted to protect a wide range of applications and services. Regularly updating filters and monitoring logs will ensure that your system remains protected against emerging threats.