fail2ban frequently bans me from WordPress admin due to noscript nginx

I configured fail2ban on my Ubuntu 14.04 / Nginx 1.6.2 server to block noscript requests. This server runs two WordPress sites.

When I’m working in the wp-admin area, I randomly get banned. When I look at the fail2ban logs, I can see fail2ban.actions: WARNING [nginx-noscript] Ban xxx.xxx.xxx.xx. I have enabled email notifications, but I didn’t receive any email notification about this ban. For SSH bans, however, I do get the email notifications.


I would like to know whether there is any way to stop this false/incorrect banning action.
Also, how do I get email alerts for every IP banning action?

jail.local file:- http://pastebin.com/4ThbnzKD

jail.conf :- http://pastebin.com/zPZ0975W


1 comment

  1. The nginx-noscript filter is meant to completely block direct access to scripts, for example URLs that end in .php. As the WordPress admin panel depends on many such URLs (e.g. /wp-login.php?...), this filter is completely incompatible with it and will ban any users logging in or using the admin panel. The front end of the site might work well because, although it uses PHP files, its URLs don’t contain “.php” thanks to URL rewriting.

    To solve this you can:

    1. Disable the nginx-noscript filter entirely
    2. Add exceptions under the ignoreregex setting, starting with something like (wp-admin|wp-login)

    Default nginx-noscript.conf:

    # Noscript filter /etc/fail2ban/filter.d/nginx-noscript.conf:
    #
    # Block IPs trying to execute scripts such as .php, .pl, .exe and other funny scripts.
    #
    # Matches e.g.
    # 192.168.1.1 - - "GET /something.php
    #
    
    [Definition]
    failregex = ^<HOST> -.*GET.*(.php|.asp|.exe|.pl|.cgi|scgi)
    ignoreregex =
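Added worked example (not part of the original question or comment): a small Python script that applies the posted failregex and the suggested ignoreregex to a few constructed nginx access log lines, so you can see which hosts the filter would count before and after the exception. The `<HOST>` substitution and the ignore-before-fail ordering are simplified stand-ins for what fail2ban does internally; the log lines, IP addresses and paths are made up for the example.

```python
import re

# Constructed nginx access log lines (combined format); not real traffic.
# 192.0.2.10 is an admin working in wp-admin, 198.51.100.7 is a scanner.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2015:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2015:10:00:05 +0000] "GET /wp-admin/edit.php?post_type=page HTTP/1.1" 200 5678 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2015:10:01:00 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 169 "-" "curl/7.35"
198.51.100.7 - - [01/Jan/2015:10:01:02 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 169 "-" "curl/7.35"
203.0.113.5 - - [01/Jan/2015:10:02:00 +0000] "GET /about-us/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# failregex exactly as shown in the posted nginx-noscript.conf (note the dots
# are unescaped there, so ".php" means "any character followed by php").
FAILREGEX = r"^<HOST> -.*GET.*(.php|.asp|.exe|.pl|.cgi|scgi)"

# ignoreregex suggested in the comment above.
IGNOREREGEX = r"(wp-admin|wp-login)"


def compile_filter(failregex, ignoreregex):
    """Turn fail2ban-style patterns into Python regexes.

    Assumption for this example: <HOST> is replaced by a group that captures
    the first whitespace-free token (the client IP in nginx's combined format).
    """
    host_pattern = r"(?P<host>\S+)"
    fail = re.compile(failregex.replace("<HOST>", host_pattern))
    ignore = re.compile(ignoreregex) if ignoreregex else None
    return fail, ignore


def matching_hosts(log_text, failregex, ignoreregex=""):
    """Return the hosts (in log order) the filter would count a failure for.

    A line matching ignoreregex is discarded even if failregex also matches,
    which is the effect ignoreregex has in fail2ban.
    """
    fail, ignore = compile_filter(failregex, ignoreregex)
    hits = []
    for line in log_text.splitlines():
        if ignore and ignore.search(line):
            continue
        match = fail.search(line)
        if match:
            hits.append(match.group("host"))
    return hits


if __name__ == "__main__":
    print("without ignoreregex:", matching_hosts(SAMPLE_LOG, FAILREGEX))
    print("with ignoreregex:   ", matching_hosts(SAMPLE_LOG, FAILREGEX, IGNOREREGEX))
```

With the posted failregex alone, both of the admin's requests count as failures (the second one only because `edit.php` sits under `/wp-admin/`), which is exactly the false ban described in the question. With `(wp-admin|wp-login)` in ignoreregex only the scanner's requests remain. The flip side is that this filter then no longer counts anything aimed at `wp-login.php`, so login brute-forcing against that URL should be covered by a separate jail rather than by nginx-noscript.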