TheLastCicada · August 29, 2015 14:07
diff --git a/block_brute_address.php b/block_brute_address.php
 <?php
 /**
 * Plugin Name: Block Brute Plugins
 * Description: Custom magic
 * Version:     1.0
 * Author:      Eric Mann
 * Author URI:  http://10up.com
 * License:     MIT
 */
 function block_brute_address( $ip_address ) {
    org\lecklider\charles\wp_fail2ban\openlog();
    syslog( LOG_NOTICE, 'Blocked authentication attempt from ' . $ip_address );
    org\lecklider\charles\wp_fail2ban\bail();
 }
 add_action( 'brute_kill_login', 'block_brute_address' );

 #function add_test_footer() {
 #    echo '<!-- Testing the mu-plugin-->';
 #}
 #add_action( 'wp_footer', 'add_test_footer' );

 ?>
diff --git a/bruteprotect.conf b/bruteprotect.conf
 # Fail2Ban configuration file
 #
 # Author: Charles Lecklider
 #

 [INCLUDES]

 # Read common prefixes. If any customizations available -- read them from
 # common.local
 before = common.conf


 [Definition]

 _daemon = wordpress

 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
            ^%(__prefix_line)sBlocked authentication attempt from <HOST>$
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex =
diff --git a/jail.local b/jail.local
 [bruteprotect]
 enabled = true
 filter = bruteprotect
 action  = iptables-multiport[name=wordpress,port="80,443"]
 logpath = /var/log/messages
 maxretry = 1
 bantime  = 86400
	<?php
	/**
	* Plugin Name: Block Brute Plugins
	* Description: Custom magic
	* Version: 1.0
	* Author: Eric Mann
	* Author URI: http://10up.com
	* License: MIT
	*/
	function block_brute_address( $ip_address ) {
	org\lecklider\charles\wp_fail2ban\openlog();
	syslog( LOG_NOTICE, 'Blocked authentication attempt from ' . $ip_address );
	org\lecklider\charles\wp_fail2ban\bail();
	}
	add_action( 'brute_kill_login', 'block_brute_address' );

	#function add_test_footer() {
	# echo '<!-- Testing the mu-plugin-->';
	#}
	#add_action( 'wp_footer', 'add_test_footer' );

	?>
	# Fail2Ban configuration file
	#
	# Author: Charles Lecklider
	#

	[INCLUDES]

	# Read common prefixes. If any customizations available -- read them from
	# common.local
	before = common.conf


	[Definition]

	_daemon = wordpress

	# Option: failregex
	# Notes.: regex to match the password failures messages in the logfile. The
	# host must be matched by a group named "host". The tag "<HOST>" can
	# be used for standard IP/hostname matching and is only an alias for
	# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
	# Values: TEXT
	#
	failregex = ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
	^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
	^%(__prefix_line)sBlocked authentication attempt from <HOST>$
	# Option: ignoreregex
	# Notes.: regex to ignore. If this regex matches, the line is ignored.
	# Values: TEXT
	#
	ignoreregex =
	[bruteprotect]
	enabled = true
	filter = bruteprotect
	action = iptables-multiport[name=wordpress,port="80,443"]
	logpath = /var/log/messages
	maxretry = 1
	bantime = 86400