Hi, has anyone tried to integrate ElkArte and fail2ban? I want to prevent someone from brute-forcing the login page. The forum will ban multiple failed logins, but they still get processed by PHP. I want to take it further so that the bot is blocked at the network level, so it doesn't affect performance badly. Yesterday my WordPress blog login page got hammered, and I had to disable php-fpm to access my VPS.
There is a good overall blocker that you can set up for either Apache or Nginx available here: https://github.com/mitchellkrogza. It's really good if you have a general problem with your sites getting hammered.
If you just want to trigger fail2ban based off the ElkArte login page getting hit, then (untested) you would do:
1) find where your server saves its access log, for example
/var/log/nginx/access.log
2) in that log you should see the submit page for the login
/index.php?action=login2
if it's getting hit you will see that with the same IP address over and over
3) create an f2b filter
/etc/fail2ban/filter.d/elkarte-login-abuse.conf
with the following
[Definition]
failregex = <HOST> -.*"(GET|POST) /index.php\?action=login2.* HTTP/.*"
ignoreregex =
4) add the above to your fail2ban jail
jail.local
[elkarte-login-abuse]
enabled = true
port = http,https
filter = elkarte-login-abuse
logpath = /var/log/nginx/access.log
maxretry = 4
findtime = 300
bantime = 86400
# iptables-multiport so the ban covers both ports listed in "port" above
action = iptables-multiport[name=elkarte-login-abuse, port="http,https", protocol=tcp]
maxretry: 4 requests within
findtime: 300 seconds (5 minutes) triggers the ban.
bantime: 86400 seconds (24 hours) is the ban time.
Adjust to your liking.
5) restart fail2ban
sudo systemctl restart fail2ban
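
An added example (not part of the original reply): a Python sketch that runs the same failregex with the jail's maxretry/findtime values over constructed nginx access-log lines, to show which addresses would be banned before the jail goes live. The `<HOST>` substitution, the sample log lines and the function names are assumptions made for illustration; fail2ban's own matching is more involved.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex copied from the filter; <HOST> is approximated by a simple group
# (assumption: fail2ban's real <HOST> expansion is stricter than this).
FAILREGEX = r'<HOST> -.*"(GET|POST) /index.php\?action=login2.* HTTP/.*"'
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>[\w.:-]+)"))
TIMESTAMP = re.compile(r"\[([^\]]+)\]")
MAXRETRY, FINDTIME = 4, 300  # values from the jail

def banned_hosts(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {host: time of the hit that reaches maxretry within findtime seconds}."""
    hits, bans = defaultdict(deque), {}
    for line in lines:
        match, stamp = PATTERN.search(line), TIMESTAMP.search(line)
        if not (match and stamp):
            continue  # not a login2 submit, so it is never counted
        # The pattern counts every login2 request, successful or not.
        when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = hits[match.group("host")]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # forget hits older than findtime
        if len(window) >= maxretry:
            bans.setdefault(match.group("host"), when)
    return bans

def _line(ip, hms, request):
    # Constructed nginx "combined" log line; addresses are documentation ranges.
    return f'{ip} - - [12/Mar/2024:{hms} +0000] "{request} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

LOGIN2 = "POST /index.php?action=login2"
SAMPLE_LOG = (
    # four submits in under half a minute: reaches maxretry inside findtime
    [_line("203.0.113.7", f"10:00:{s:02d}", LOGIN2) for s in (1, 9, 17, 25)]
    # four submits, each 7 minutes apart: never 4 inside one 5-minute window
    + [_line("198.51.100.20", f"10:{m:02d}:00", LOGIN2) for m in (0, 7, 14, 21)]
    # viewing the login form (action=login) does not match; one submit does
    + [_line("192.0.2.33", f"10:05:{s:02d}", "GET /index.php?action=login") for s in range(5)]
    + [_line("192.0.2.33", "10:05:30", LOGIN2)]
)

if __name__ == "__main__":
    for host, when in banned_hosts(SAMPLE_LOG).items():
        print(f"{host} would be banned at {when:%H:%M:%S}")
```

On a live system, `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/elkarte-login-abuse.conf` tests the actual filter against the real log.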