Hi,
I have a server with multiple Wordpress installations and want to ban any IP that makes multiple POST requests to xmlrpc.php or wp-login.php using Fail2Ban.
I’ve successfully setup a regex filter which Fail2Ban is matching and then successfully adding IPs to iptables or routes depending on what’s configured in F2B jail.
However site access logs still show these banned IPs getting through.
Is there some sort of proxy that’s allowing these requests through the firewall? I’m using multiPHP.
Thanks again.