fail2ban automatic Intrusion Detection and Prevention software

fail2ban is an IPS/IDS that works on any Linux server. It protects your system by automatically adding a firewall block for anyone trying to access your server maliciously, banning their public IP for a set period or indefinitely.

The ban time can be extended, and the number of invalid passwords or invalid page requests that triggers a ban can be lowered to tighten the prevention of abuse of the server.

Install fail2ban using your favorite package manager:

apt-get install fail2ban
yum install fail2ban

service fail2ban start

Show firewall rules, including any blocked IPs:

root@someserver:/etc/fail2ban/jail.d# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp -- anywhere anywhere multiport dports ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- anywhere reject-with icmp-port-unreachable <-- Banned IP for jail sshd
RETURN all -- anywhere anywhere

Remove the banned IP from iptables
!*** However, this leaves the IP still listed in fail2ban, so it won't be blocked again; see the next section

root@someserver:/etc/fail2ban/jail.d# iptables -D f2b-sshd 1

The IP also needs to be removed from fail2ban:

root@someserver:/etc/fail2ban/jail.d# fail2ban-client status
|- Number of jail: 1
`- Jail list: sshd

List the contents of the jail:

root@someserver:/etc/fail2ban/jail.d# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 11
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list:

Unban the IP:
fail2ban-client set sshd unbanip <banned IP address>

Check the ban is off:

tail -f /var/log/fail2ban.log
2018-06-30 09:09:03,416 fail2ban.actions [18644]: NOTICE [sshd] Unban
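
The mismatch described above (a rule deleted with iptables -D while fail2ban still lists the IP as banned) can be checked for with a small script. This is an added example, not part of the original post: the function names and the sample addresses (documentation ranges) are constructed, and it assumes the `iptables -S` rule format and the REJECT action shown in the listing above.

```sh
#!/bin/sh
# Added example: find IPs that fail2ban lists as banned but that no longer
# have a rule in the jail's iptables chain (e.g. after a manual iptables -D).

# stdin: output of `fail2ban-client status <jail>`; prints one banned IP per line.
f2b_banned() {
    awk -F'Banned IP list:' 'NF > 1 {
        n = split($2, a, " ")
        for (i = 1; i <= n; i++) print a[i]
    }'
}

# stdin: output of `iptables -S <chain>`; prints sources of REJECT/DROP rules.
ipt_banned() {
    awk '$1 == "-A" && /-j (REJECT|DROP)/ {
        for (i = 2; i < NF; i++)
            if ($i == "-s") { ip = $(i + 1); sub(/\/32$/, "", ip); print ip }
    }'
}

# $1 = fail2ban status text, $2 = iptables -S text; prints the drifted IPs.
ban_drift() {
    ipt=$(printf '%s\n' "$2" | ipt_banned)
    for ip in $(printf '%s\n' "$1" | f2b_banned); do
        printf '%s\n' "$ipt" | grep -qxF -- "$ip" || printf '%s\n' "$ip"
    done
}

# Constructed sample data (documentation address ranges, not from the post).
SAMPLE_STATUS='Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 2
   `- Banned IP list: 203.0.113.7 198.51.100.23'

# Rule for 203.0.113.7 was deleted by hand, so only one REJECT rule remains.
SAMPLE_RULES='-N f2b-sshd
-A f2b-sshd -s 198.51.100.23/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'

ban_drift "$SAMPLE_STATUS" "$SAMPLE_RULES"

# On a live host (as root):
# ban_drift "$(fail2ban-client status sshd)" "$(iptables -S f2b-sshd)"
```

Any address it prints should be released with fail2ban-client set sshd unbanip so that fail2ban can ban it again on the next offence.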

When testing with an invalid user and password over ssh, the filter regex is triggered 3 times:

2018-06-30 09:10:52,845 fail2ban.filter [18644]: INFO [sshd] Found
2018-06-30 09:11:00,098 fail2ban.filter [18644]: INFO [sshd] Found
2018-06-30 09:11:06,266 fail2ban.filter [18644]: INFO [sshd] Found
2018-06-30 09:11:06,274 fail2ban.actions [18644]: NOTICE [sshd] Ban <-- Ban enforced after 3 retries (maxretry)

The default for ssh is 5 retries in 60 seconds. I have decreased this to 3 by adding the entry ‘maxretry = 3’ to a file in /etc/fail2ban/jail.d

Changing WordPress Author of Article from Admin user

It's not good practice to list the authors of a WordPress article, especially if they are an admin user of WordPress. This would give a hacker a valid username; they can then attempt to guess the password and gain full access to the WordPress site.

Should you need to change the name of the author who wrote an article or ‘post’ in WordPress, here are the database SQL statements to do that:

  • Log in to the MySQL database on the Linux command line as the WordPress user: mysql -uwpressuser -p wordpressdb
  • Find the list of users and their author IDs

select * from wp_users;

  • Then list the articles written by the author with ID 1

select ID,post_author, post_date, post_title from wp_posts where post_author=1;

Finally, to change the post's author ID to an alternative non-admin user:

update wp_posts SET post_author=5 where ID=238;

If you would like to remove the user's name altogether from future posts, read this