Fail2ban and Joomla CMS Regex

Asked Aug 22 '19 at 09:36

Active Aug 22 '19 at 14:12

Viewed 375 times

These are my configurations in /etc/fail2ban:

** jail.local**
[joomla-login-errors]

enabled = true
port   = http,https
filter = joomla-login-errors
logpath = /var/www/path-to-website/logs/error.php
maxretry = 2


** filter.d/joomla-login-errors.conf**
[Definition]

failregex = ^%(__prefix_line)s*INFO <HOST>.*joomlafailure.*Username.*$

If I try:

fail2ban-regex /var/www/path-to-website/logs/error.php '^%(__prefix_line)s*INFO <HOST>.*joomlafailure.*Username.*$'

Nothing gets matched, but most of the lines are like this (the IP is invented, but those on my files are real):

2019-08-20T09:57:42+00:00       INFO 500.188.602.500 joomlafailure   Username and password do not match or you do not have an account yet

edited Aug 22 '19 at 14:12

asked Aug 22 '19 at 09:36

CharlesM

How's your `__prefix_line` defined? – Ginnungagap Aug 22 '19 at 22:44
It's the standard one in filter.d/common.conf: \s*%(__bsd_syslog_verbose)s?\s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s%(__daemon_extra_re)s?\s* – CharlesM Oct 08 '19 at 14:14

Fail2ban and Joomla CMS Regex

0 Answers0