How to integrate ElkArte and fail2ban? July 13, 2025, 11:23:24 pm Hi, are there anyone that tried to integrate ElkArte and fail2ban? I want to prevent someone bruteforcing the login page. While the forum will ban multiple failed login but it still get processed by php. I want to take it further that the bot is blocked at network level, so it doesn't affect performance badly. yesterday my wordpress blog login page got hammered, and i must disabled php-fpm to access my vps.
Re: How to integrate ElkArte and fail2ban? Reply #1 – Today at 08:06:41 am There is a good overall blocker that you can set up for either Apache or Nginx available here. https://github.com/mitchellkrogza its really good if you have a general problem with you sites getting hammered.If you just want to trigger fail2ban based off the Elkarte login page getting hit, then (untested) you would do1) find where you server is saves its access log, example /var/log/nginx/access.log 2) in that log you should see the submit page for the login /index.php?action=login2 if its getting hit you will see that with the same ip address over and over3) create a f2b filter /etc/fail2ban/filter.d/elkarte-login-abuse.conf with the followingCode: [Select][Definition]failregex = <HOST> -.*"(GET|POST) /index.php\?action=login2.* HTTP/.*"ignoreregex =4) add the above to your fail2ban jail jail.localCode: [Select][elkarte-login-abuse]enabled = trueport = http,httpsfilter = elkarte-login-abuselogpath = /var/log/nginx/access.logmaxretry = 4findtime = 300bantime = 86400action = iptables[name=elkarte-login-abuse, port=http, protocol=tcp]maxretry: 4 requests in findtime: 300 seconds (5 minutes) triggers the ban.bantime: 86400 seconds (24 hours). ban timeadjust to your liking5) restart fail2ban sudo systemctl restart fail2ban