jail.local

[DEFAULT]
ignoreip = 127.0.0.1/8 ::1

# bantime is the number of seconds that a host is banned.
bantime  = 600

# A host is banned when hits maxretry during the last findtime seconds.
findtime  = 600

# maxretry is the number of failures before a host get banned.
maxretry = 3

[nginx-auth-main]
enabled = true
filter = nginx-auth-main
action = csfdeny[name=nginx-auth-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/*.error.log
bantime = 3600
maxretry = 3
findtime = 600

[nginx-auth]
enabled = true
filter = nginx-auth
action = csfdeny[name=nginx-auth]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
bantime = 3600
maxretry = 3
findtime = 600

[nginx-badrequests-main]
enabled = true
filter = nginx-badrequests-main
action = csfdeny[name=nginx-badrequests-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
bantime = 604800
maxretry = 1

[nginx-badrequests]
enabled = true
filter = nginx-badrequests
action = csfdeny[name=nginx-badrequests]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
bantime = 604800
maxretry = 1

[nginx-log4j-main]
enabled = true
filter = nginx-log4j-main
action = csfdeny[name=nginx-log4j-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
bantime = 86400
findtime = 86400
maxretry = 1

[nginx-log4j]
enabled = true
filter = nginx-log4j
action = csfdeny[name=nginx-log4j]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
bantime = 86400
findtime = 86400
maxretry = 1

[nginx-common-main]
enabled = true
filter = nginx-common-main
action = csfdeny[name=nginx-common-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
bantime = 604800
maxretry = 1
findtime = 43200

[nginx-common]
enabled = true
filter = nginx-common
action = csfdeny[name=nginx-common]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
bantime = 604800
maxretry = 1
findtime = 43200

[nginx-req-limit-main]
enabled = true
filter = nginx-req-limit
action = csfdeny[name=nginx-req-limit-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/*.error.log
findtime = 600
bantime = 7200
maxretry = 5

[nginx-req-limit]
enabled = true
filter = nginx-req-limit
action = csfdeny[name=nginx-req-limit]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/error.log
findtime = 600
bantime = 7200
maxretry = 5

# repeat offender monitor fail2ban log for banned nginx-req-limit
# entries >5 within 6 hours will be banned for longer 72hr time
[nginx-req-limit-repeat]
enabled = true
filter = nginx-req-limit-repeat
action = csfdeny[nginx-req-limit-repeat]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/fail2ban.log
bantime  = 259200
maxretry = 5
findtime = 21600

[nginx-conn-limit-main]
enabled = true
filter = nginx-conn-limit-main
action = csfdeny[name=nginx-conn-limit-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/*.error.log
findtime = 600
bantime = 7200
maxretry = 5

[nginx-conn-limit]
enabled = true
filter = nginx-conn-limit
action = csfdeny[name=nginx-conn-limit]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/error.log
findtime = 600
bantime = 7200
maxretry = 5

[nginx-botsearch-main]
enabled = true
filter = nginx-botsearch-main
action = csfdeny[name=nginx-botsearch-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port     = http,https
maxretry = 2

[nginx-botsearch]
enabled = true
filter = nginx-botsearch
action = csfdeny[name=nginx-botsearch]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port     = http,https
maxretry = 2

#[nginx-get-f5-main]
#enabled = true
#filter = nginx-get-f5-main
#action = csfdeny[name=nginx-get-f5-main]
##action   = cloudflare
#action   = cloudflaretoken
#logpath = /var/log/nginx/localhost.access.log
#port   = http,https
#maxretry = 15
#findtime = 1
#bantime = 600

#[nginx-get-f5]
#enabled = true
#filter = nginx-get-f5
#action = csfdeny[name=nginx-get-f5]
##action   = cloudflare
#action   = cloudflaretoken
#logpath = /home/nginx/domains/*/log/access.log
#port   = http,https
#maxretry = 15
#findtime = 1
#bantime = 600

[nginx-xmlrpc-main]
enabled = true
filter = nginx-xmlrpc-main
action = csfdeny[name=nginx-xmlrpc-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port = http,https
maxretry = 6
findtime = 60

[nginx-xmlrpc]
enabled = true
filter = nginx-xmlrpc
action = csfdeny[name=nginx-xmlrpc]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port = http,https
maxretry = 6
findtime = 60

[nginx-401-main]
enabled = false
filter  = nginx-401-main
action = csfdeny[name=nginx-401-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port = http,https
maxretry = 10
findtime = 60

[nginx-401]
enabled = false
filter  = nginx-401
action = csfdeny[name=nginx-401]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port = http,https
maxretry = 10
findtime = 60

[nginx-403-main]
enabled = false
filter  = nginx-403-main
action = csfdeny[name=nginx-403-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port = http,https
maxretry = 10
findtime = 60

[nginx-403]
enabled = false
filter  = nginx-403
action = csfdeny[name=nginx-403]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port = http,https
maxretry = 10
findtime = 60

[nginx-404-main]
enabled = false
filter  = nginx-404-main
action = csfdeny[name=nginx-404-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port = http,https
maxretry = 10
findtime = 60

[nginx-404]
enabled = false
filter  = nginx-404
action = csfdeny[name=nginx-404]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port = http,https
maxretry = 10
findtime = 60

#[nginx-w00tw00t-main]
#enabled = true
#filter = nginx-w00tw00t-main
#action = csfdeny[name=nginx-w00tw00t-main]
##action   = cloudflare
#action   = cloudflaretoken
#logpath = /var/log/nginx/localhost.access.log
#port   = http,https
#maxretry = 1
#bantime  = 86400

#[nginx-w00tw00t]
#enabled = true
#filter = nginx-w00tw00t
#action = csfdeny[name=nginx-w00tw00t]
##action   = cloudflare
#action   = cloudflaretoken
#logpath = /home/nginx/domains/*/log/access.log
#port   = http,https
#maxretry = 1
#bantime  = 86400

[phpmyadmin-cmm]
enabled = false
filter = phpmyadmin-cmm
action = csfdeny[name=phpmyadmin-cmm]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port = http,https
bantime = 3600
maxretry = 5
findtime = 60

[phpmyadmin-other]
enabled = false
filter = phpmyadmin-other
action = csfdeny[name=phpmyadmin-other]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port = http,https
bantime = 3600
maxretry = 5
findtime = 60

[adminer-main]
enabled = false
filter = adminer-main
action = csfdeny[name=adminer-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port = http,https
bantime = 3600
maxretry = 5
findtime = 60

[adminer]
enabled = false
filter = adminer
action = csfdeny[name=adminer]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port = http,https
bantime = 3600
maxretry = 5
findtime = 60

[wordpress-auth-main]
enabled = true
filter = wordpress-auth-main
action = csfdeny[name=wordpress-auth-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port = http,https
maxretry = 3
findtime = 60

[wordpress-auth]
enabled = true
filter = wordpress-auth
action = csfdeny[name=wordpress-auth]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port = http,https
maxretry = 3
findtime = 60

[wordpress-comment-main]
enabled = true
filter = wordpress-comment-main
action = csfdeny[name=wordpress-comment-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port = http,https
bantime = 3600
maxretry = 5
findtime = 60

[wordpress-comment]
enabled = true
filter = wordpress-comment
action = csfdeny[name=wordpress-comment]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port = http,https
bantime = 3600
maxretry = 5
findtime = 60

[wordpress-pingback-main]
enabled = true
filter = wordpress-pingback-main
action = csfdeny[name=wordpress-pingback-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
#backend  = polling
journalmatch =
port = http,https
bantime = 86400
maxretry = 1
findtime = 1

[wordpress-pingback]
enabled = true
filter = wordpress-pingback
action = csfdeny[name=wordpress-pingback]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
#backend  = polling
journalmatch =
port = http,https
bantime = 86400
maxretry = 1
findtime = 1

# repeat offender monitor fail2ban log for banned wordpress-pingback
# entries >5 within 6 hours will be banned for longer 72hr time
[wordpress-pingback-repeat]
enabled = true
filter = wordpress-pingback-repeat
action = csfdeny[name=wordpress-pingback-repeat]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/fail2ban.log
bantime  = 259200
maxretry = 5
findtime = 21600

# https://en-au.wordpress.org/plugins/sucuri-scanner/
# https://en-au.wordpress.org/plugins/wp-fail2ban/
[wordpress-fail2ban-plugin]
enabled = true
filter = wordpress-fail2ban-plugin
action = csfdeny[name=wordpress-fail2ban-plugin]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/auth.log
          /var/log/secure
bantime  = 259200
maxretry = 1
findtime = 7200

[vbulletin-main]
enabled = true
filter = vbulletin-main
action = csfdeny[name=vbulletin-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port = http,https
bantime = 28800
maxretry = 3
findtime = 60

[vbulletin]
enabled = true
filter = vbulletin
action = csfdeny[name=vbulletin]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port = http,https
bantime = 28800
maxretry = 3
findtime = 60

[shells-main]
enabled = true
filter = shells-main
action = csfdeny[name=shells-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
bantime = 604800
maxretry = 1
findtime = 86400

[shells]
enabled = true
filter = shells
action = csfdeny[name=shells]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
bantime = 604800
maxretry = 1
findtime = 86400

[http-xensec-main]
enabled = false
port = http,https
filter = http-xensec-main
logpath = /var/log/nginx/localhost.access.log
#number of occurances
maxretry = 5
findtime = 60
#ban for 5 days (in seconds)
bantime = 432000 
action = csfdeny[name=http-xensec-main]
#action   = cloudflare
#action   = cloudflaretoken
#sendmail-whois[name=XenSec, dest=root]

[http-xensec]
enabled = false
port = http,https
filter = http-xensec
logpath = /home/nginx/domains/*/log/access.log
#number of occurances
maxretry = 5
findtime = 60
#ban for 5 days (in seconds)
bantime = 432000 
action = csfdeny[name=http-xensec]
#action   = cloudflare
#action   = cloudflaretoken
#sendmail-whois[name=XenSec, dest=root]

[joomla-auth-main]
enabled = false
filter = joomla-auth-main
action = csfdeny[name=joomla-auth-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port = http,https
maxretry = 5
bantime = 7200
findtime = 60

[joomla-auth]
enabled = false
filter = joomla-auth
action = csfdeny[name=joomla-auth]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port = http,https
maxretry = 5
bantime = 7200
findtime = 60

[magento-main]
enabled = false
filter = magento-main
action = csfdeny[name=magento-main]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /var/log/nginx/localhost.access.log
port = http,https
maxretry = 5
bantime = 7200
findtime = 60

[magento]
enabled = false
filter = magento
action = csfdeny[name=magento]
#action   = cloudflare
#action   = cloudflaretoken
logpath = /home/nginx/domains/*/log/access.log
port = http,https
maxretry = 5
bantime = 7200
findtime = 60

#[pure-ftpd]
#port     = ftp,ftp-data,ftps,ftps-data
#logpath  = %(pureftpd_log)s
#backend  = %(pureftpd_backend)s

#[nsd]
#port     = 53
#action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
#logpath = /var/log/nsd.log