Building a new server for my hobby website I fell in love with Fail2ban. It provides an automated way to reduce abuse of your infrastructure. Here is a brief tutorial on how to use it to protect the login page of the photo gallery application Piwigo from brute-force attacks. Start by downloading a small Piwigo plugin, Log Failed Logins. It writes all failed login attempts into a text file, which can easily be used as an input logfile for Fail2ban. The format looks like this:
2015/06/14 22:32:33 ip=192.168.1.100 username=Admin
All you need is to add a new section to your /etc/fail2ban/jail.local configuration file:
[piwigo]
enabled = true
port = http,https
filter = piwigo
logpath = /var/log/piwigoFailedLogins.log
And then create a new filter file /etc/fail2ban/filter.d/piwigo.conf with the following content:
[INCLUDES]
before = common.conf

[Definition]
failregex = ip=<HOST>
ignoreregex =
When you install the Log Failed Logins plugin you need to configure it. The only parameter to set up is the log filename. In the example above that would be /var/log/piwigoFailedLogins.log, but you can use any location that suits you. Just make sure that the account running your web server (for example www-data) has read/write access to this file:
$ sudo touch /var/log/piwigoFailedLogins.log
$ sudo chown www-data:www-data /var/log/piwigoFailedLogins.log
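Before enabling the jail it is worth checking that the filter actually matches the plugin's log lines and that the ban logic behaves as you expect. Fail2ban ships a tool for the first part (fail2ban-regex /var/log/piwigoFailedLogins.log /etc/fail2ban/filter.d/piwigo.conf), and the thresholds that decide a ban (maxretry, findtime, bantime) come from the [DEFAULT] section of jail.conf unless you override them in the [piwigo] section. The script below is an added example, not part of the original post or of Fail2ban itself: it applies the failregex from the filter above to a few constructed log lines in the plugin's format and reports which hosts would reach maxretry failures inside a findtime window. The IPv4-only pattern standing in for Fail2ban's <HOST> placeholder, the sample log lines and the maxretry/findtime values are assumptions chosen for the illustration.

```python
"""Dry run of the Piwigo jail: apply the filter's failregex to sample log
lines and count failures per host the way Fail2ban would.

Added example, not code from the original post or from Fail2ban.
Assumptions: the log format shown in the post; Fail2ban's <HOST>
placeholder is approximated by an IPv4 pattern; maxretry/findtime are
sample values, not the post's."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The filter file says:  failregex = ip=<HOST>
# Fail2ban replaces <HOST> with a pattern for an IPv4/IPv6 address or a
# hostname; an IPv4-only approximation is used here (assumption).
HOST_RE = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"
FAILREGEX = re.compile(r"ip=" + HOST_RE)

# The timestamp prefix written by the plugin ("2015/06/14 22:32:33").
DATE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) ")

# Constructed sample log in the plugin's format (not real traffic).
SAMPLE_LOG = """\
2015/06/14 22:32:33 ip=192.168.1.100 username=Admin
2015/06/14 22:32:41 ip=192.168.1.100 username=admin
2015/06/14 22:32:52 ip=192.168.1.100 username=root
2015/06/14 22:33:05 ip=192.168.1.100 username=administrator
2015/06/14 22:33:19 ip=192.168.1.100 username=Admin
2015/06/14 22:40:00 ip=10.0.0.7 username=alice
2015/06/15 09:10:00 ip=10.0.0.7 username=alice
some unrelated line that the filter must ignore
""".splitlines()


def parse_line(line):
    """Return (timestamp, host) for a line matching failregex, or None for
    a line Fail2ban would skip (no timestamp or no failregex match)."""
    m_date = DATE_RE.match(line)
    m_fail = FAILREGEX.search(line)
    if not m_date or not m_fail:
        return None
    ts = datetime.strptime(m_date.group("ts"), "%Y/%m/%d %H:%M:%S")
    return ts, m_fail.group("host")


def hosts_to_ban(lines, maxretry=5, findtime=600):
    """Return the set of hosts that reach maxretry failures within any
    findtime-second window, i.e. the hosts the jail would ban."""
    failures = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, host = parsed
            failures[host].append(ts)

    banned = set()
    window = timedelta(seconds=findtime)
    for host, times in failures.items():
        times.sort()
        for i in range(len(times)):
            # Count failures in the window starting at times[i].
            j = i
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= maxretry:
                banned.add(host)
                break
    return banned


if __name__ == "__main__":
    # Expected: {'192.168.1.100'}; 10.0.0.7 has only two failures, hours apart.
    print(hosts_to_ban(SAMPLE_LOG))
```

Because the plugin only ever writes failed attempts, the very loose pattern ip=<HOST> is safe for this file; the same regex would be far too broad against a general web server log. Lower findtime or raise maxretry in the [piwigo] section if legitimate users who mistype a password a few times start getting banned.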
For more information about installing and configuring Fail2ban, check out, for example, the following tutorials:
- How To Install and Use Fail2ban on Ubuntu 14.04
- How Fail2ban Works to Protect Services on a Linux Server
And a screenshot of the plugin configuration page: