Fail2ban Question

brunoschneider · April 10, 2025, 6:53pm

Hello everyone

I have a question about fail2ban.

I would like to automatically ban anyone who tries to access certain types of extensions, for example “.sql”, “.log” or any URL that has “/blog” as its destination, which uses WordPress and is often used for scrawlers

My question is the following: I believe it is possible to do this via Fail2ban.

But how does this work on servers with high traffic?

Reading the access log does not seem like an ideal solution to me. Sometimes our server has so much access that the oldest access times overlap with the new ones.

I am a little confused about which path to follow to ban these “problematic IPs”

Any help is welcome

Thanks

bestperson · April 11, 2025, 12:08am

Hi, WP is very well protected in Hestia, you can see the template. Only static data are open, everything else is closed.

/usr/local/hestia/data/templates/web/nginx/php-fpm

If you want to configure safety as much as possible, you can use
This and limit_req_zone and limit_conn_zone for Nginx. Fail2ban was created on Python and rather heavy, but by default in Hestia it is optimal.