Fail2ban configuration for Piwigo failed logins

Building a new server for my hobby website I fell in love with Fail2ban. It provides an automated way to reduce abuse of your infrastructure. Here is a brief tutorial on how to use it to protect the login page of the photo gallery application Piwigo against brute-force attacks. Start by downloading the small Piwigo plugin Log Failed Logins. It writes every failed login attempt to a text file, which can then be used directly as an input logfile for Fail2ban. The format looks like this:

2015/06/14 22:32:33 ip=192.168.1.100 username=Admin

All you need to do is add a new section to your /etc/fail2ban/jail.local configuration file:

[piwigo]
enabled = true
port = http,https
filter = piwigo
logpath = /var/log/piwigoFailedLogins.log

Then create a new filter file /etc/fail2ban/filter.d/piwigo.conf with the following content:

[INCLUDES]
before = common.conf
[Definition]
failregex = ip=<HOST>
ignoreregex =

When you install the Log Failed Logins plugin you need to configure it. The only parameter to set up is the log filename. In the example above that is /var/log/piwigoFailedLogins.log, but you can use any location that suits you. Just make sure that the account running your website (for example www-data) has read/write access to this file:

$ sudo touch /var/log/piwigoFailedLogins.log
$ sudo chown www-data:www-data /var/log/piwigoFailedLogins.log
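To see what the jail and filter above actually do with the plugin's log, here is an added example (not code from the post, the plugin, or Fail2ban) that models the jail's decision in Python: it expands the filter's failregex `ip=<HOST>` with a simplified host pattern (an assumption; Fail2ban's own <HOST> expansion is more elaborate), parses the plugin's timestamp format, and bans a host once it has maxretry matches within findtime seconds. The maxretry/findtime values and the log lines other than the page's own sample are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for Fail2ban's <HOST> expansion: IPv4 or a loose IPv6 form.
# This is an assumption for the example, not Fail2ban's exact pattern.
HOST_PATTERN = r"(?P<host>(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]+:[0-9A-Fa-f:]*))"

# Timestamp format the Log Failed Logins plugin writes at the start of each line
# (taken from the sample line on the page).
TIMESTAMP_FORMAT = "%Y/%m/%d %H:%M:%S"

# Constructed sample log; the first line is the page's own example.
SAMPLE_LOG = [
    "2015/06/14 22:32:33 ip=192.168.1.100 username=Admin",
    "2015/06/14 22:32:41 ip=192.168.1.100 username=admin",
    "2015/06/14 22:33:02 ip=10.0.0.5 username=guest",
    "2015/06/14 22:33:10 ip=192.168.1.100 username=root",
    "2015/06/14 22:33:45 ip=192.168.1.100 username=administrator",
    "this line is not a failed login and must be ignored",
    "2015/06/14 22:34:00 ip=192.168.1.100 username=Admin",
    "2015/06/14 23:50:00 ip=10.0.0.5 username=guest",
    "2015/06/15 01:10:00 ip=10.0.0.5 username=guest",
]


def compile_failregex(failregex):
    """Turn a fail2ban-style failregex (with <HOST>) into a Python regex."""
    return re.compile(failregex.replace("<HOST>", HOST_PATTERN))


def parse_line(line, regex):
    """Return (timestamp, host) for a matching line, or None if it does not match."""
    match = regex.search(line)
    if not match:
        return None
    try:
        timestamp = datetime.strptime(line[:19], TIMESTAMP_FORMAT)
    except ValueError:
        # Matching line without a parsable timestamp: skip it rather than guess.
        return None
    return timestamp, match.group("host")


def find_bans(lines, failregex="ip=<HOST>", ignoreregex="", maxretry=5, findtime=600):
    """Sliding-window evaluation of a jail: a host is banned as soon as it has
    `maxretry` failregex matches within the last `findtime` seconds.
    Returns {host: timestamp_of_ban}."""
    regex = compile_failregex(failregex)
    ignore = re.compile(ignoreregex) if ignoreregex else None
    recent = defaultdict(deque)  # host -> timestamps of recent failures
    banned = {}
    for line in lines:
        if ignore and ignore.search(line):
            continue
        parsed = parse_line(line, regex)
        if parsed is None:
            continue
        timestamp, host = parsed
        if host in banned:
            continue
        window = recent[host]
        window.append(timestamp)
        # Drop failures older than findtime relative to the newest one.
        while window and (timestamp - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[host] = timestamp
    return banned


if __name__ == "__main__":
    for host, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {host} at {when.strftime(TIMESTAMP_FORMAT)}")
```

With the sample above, 192.168.1.100 reaches five failures within ninety seconds and is banned on the fifth line, while 10.0.0.5 fails three times over several hours and never accumulates enough attempts inside the window. Before enabling the jail on a real server, run Fail2ban's own `fail2ban-regex /var/log/piwigoFailedLogins.log /etc/fail2ban/filter.d/piwigo.conf` to confirm the filter matches the plugin's lines the same way.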

For more information about installing and configuring Fail2ban, check out, for example, the following tutorials:

And a screenshot of the plugin configuration page:

[Screenshot: Configuration page of Log Failed Logins, a Piwigo plugin]
