# Fail2Ban configuration file hard # # Author: Charles Lecklider # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf [Definition] _daemon = (?:wordpress|wp) # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P[\w\-.^_]+) # Values: TEXT # failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from ( via XML-RPC)?$ ^%(__prefix_line)sBlocked authentication attempt for .* from ( via XML-RPC)?$ ^%(__prefix_line)sBlocked user enumeration attempt from $ ^%(__prefix_line)sPingback error .* generated from $ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex =