fail2ban logging support

[eva2000]

I am working on my fail2ban implementation for Centmin Mod LEMP users and it just came to me that Xenforo 1.5 and/or XF 2 could have native and optional support for fail2ban for failed logins similar to this wordpress fail2ban plugin https://en-au.wordpress.org/plugins/wp-fail2ban/.

So Xenforo 2 failed logins can be written to a custom user defined log path. Then just have a fail2ban filter and jail to pick up those logged entries for banning at system firewall level or even Cloudflare firewall level via Cloudflare API based fail2ban action

Was originally posted incorrect at https://xf2demo.xenforo.com/threads/fail2ban-logging-support.2513/

 

[Alpha1]

Fail2Ban is intrusion detection software frequently used on servers: https://www.fail2ban.org/wiki/index.php/Main_Page
Fail2ban can be integrated with php software.

For example there are plugins for WordPress:
https://wordpress.org/plugins/wp-fail2ban/
https://wordpress.org/plugins/wp-fail2ban-redux/

Fail2Ban can be used in xenforo to more effectively:

• ban spammers from the server (spamcleaner integration)
• block banned members on server level
• block admincp intrusion attempts.
• block brute force on login
• block scrapers and frequent pings

 

[Jake B.]

@eva2000 actually made a suggestion for this last year

https://xenforo.com/community/threads/fail2ban-logging-support.129155/

 

[Alpha1]

Yeah, I found out and reported it for merging.
@Case could you like the first post?

 

[eva2000]

Definitely would be nice to have in XF 1.5/2.x

 

[Chris D]

Just for the record, you won’t be seeing anything new aside from bug fixes in 1.5 at this point (EU generated mass hysteria aside).

 

[Alpha1]

EU generated mass hysteria aside

Ah, then we can probably expect a few more feature releases for 1.5, as we can always count on the EU in that regard.

 

[Alpha1]

Cloudflare firewall level via Cloudflare API based fail2ban action

I have found this:
https://community.cloudflare.com/t/...h-cloudflare-api-v4-instead-of-default-v1/451
https://guides.wp-bullet.com/integrate-fail2ban-cloudflare-api-v4-guide/
Is this possible for APIv4 now?

 

[eva2000]

I have found this:
https://community.cloudflare.com/t/...h-cloudflare-api-v4-instead-of-default-v1/451
https://guides.wp-bullet.com/integrate-fail2ban-cloudflare-api-v4-guide/
Is this possible for APIv4 now?

Yes you can configure fail2ban to talk with Cloudflare Firewall via CF API but you'd need to configure it on fail2ban side. I did this for my fail2ban + CSF Firewall + Optional Cloudflare firewall implementation for Centmin Mod Nginx i.e. https://github.com/centminmod/centminmod-fail2ban#cloudflare-v4-api