What is fail2ban?

A brief article explaining further just one of the many small things Pipe Ten does to protect its customers and websites.

What is fail2ban?

“Fail2ban scans log files and bans IPs that show the malicious signs — too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).” fail2ban.org

How does Pipe Ten use fail2ban?

fail2ban is used extensively across our managed hosting infrastructure, primarily examining http(s) requests to web servers. Each request is matched against a list of those known to be suspicious in nature and recorded against the IP address making the request. If a sufficient number of suspicious requests are recorded within a set period of time, further requests from that IP address will be blocked for a set period of time.

We do not disclose publicly the specific rules/filters or timings we use for fail2ban so as to not provide the ability to game or circumvent said protection, but a common example for WordPress is below.

How does Pipe Ten use fail2ban to protect WordPress customers?

Modern WordPress is a stable application whose security is peer reviewed, but it is only as secure as its user and administrative passwords. Insecure or weak WordPress passwords are a common target for spammers and malicious activity because once access to WordPress administration is available, so is the ability to (for example) upload malware, send spam, attempt to exploit the server, or serve malware to your visitors in an effort to exploit their computers.

Pipe Ten uses fail2ban to provide protection against brute-force attacks (many automated login requests trying to guess passwords). It monitors the number of requests to /wp-login.php (and others) by IP address and blocks that IP address from web services for a set time period if more than a certain number of requests are made within a set time period.

Blocking these unusual requests reduces the probability that any WordPress user or administrative password will be guessed by automated bots, and also ensures that your hosting resources are used only to serve valid requests and not these spam or brute-force attack attempts.
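The per-IP counting described above can be sketched as follows. This is an added example, not Pipe Ten's configuration or fail2ban's own code: the thresholds, the POST-only match, the function name find_bans and the sample log lines are assumptions made for illustration (maxretry, findtime and bantime are fail2ban's names for these settings).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration only; not Pipe Ten's undisclosed settings.
MAXRETRY = 3                       # matches within FINDTIME that trigger a ban
FINDTIME = timedelta(seconds=60)   # sliding window in which matches are counted
BANTIME = timedelta(seconds=600)   # how long the address stays blocked

# Combined-log-format line: client IP, timestamp, then a POST to /wp-login.php.
# Counting only POSTs is a choice made for this example.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /wp-login\.php[ ?]')

# Constructed sample log (addresses from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.4 - - [10/Mar/2024:12:00:02 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.4 - - [10/Mar/2024:12:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2024:12:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [10/Mar/2024:12:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.4 - - [10/Mar/2024:12:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
""".splitlines()

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return a list of (ip, ban_start, ban_end) for addresses that exceed the limit."""
    hits, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                          # not a login request; not counted
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in banned_until and ts < banned_until[ip]:
            continue                          # already blocked at the firewall
        window = hits[ip]
        window.append(ts)
        while ts - window[0] > findtime:      # expire matches older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()                    # counting restarts after the ban
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start.isoformat()} until {end.isoformat()}")
```

In the sample, 203.0.113.7 is banned on its third login POST inside the window, while 198.51.100.4, whose two logins are minutes apart, is never counted past one.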

Is it possible for me/valid requests to get blocked by fail2ban?

The rules and filters in use are under constant evolution, so it is possible but highly improbable. This and similar configurations have been in deployment on our infrastructure for several months, having blocked millions of invalid requests with only two known incidents of incorrect blocking. As always, if you are unable to access your website please contact the Pipe Ten support team immediately.

Does my server have fail2ban?

fail2ban has been deployed to all servers where proactive monitoring or a customer report has shown activity which would benefit from fail2ban protection. For information regarding specific servers please contact the support team.
