Wordfence with multiple sites


#1

hi guys, I'm installing Wordfence and it wants me to add the following to my php.ini

auto_prepend_file = '/var/www/xxx.com/htdocs/wordfence-waf.php'

however I have over 12 sites working on this host

it then says that I can add this into separate php.ini files in the web root for each site and then also add the following into .htaccess

SetEnv PHPRC /home/user/public_html/sitename/php.ini

but I've never used .htaccess with nginx…

any ideas?
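Added example for the question in post #1; this is not code from the original thread or from Wordfence. nginx never reads .htaccess, so the "php.ini in each web root plus SetEnv PHPRC" route does not apply. With nginx and php-fpm the per-site place to set auto_prepend_file is a php-fpm pool per site, using php_admin_value (which plugin code cannot undo with ini_set()). The site names, the /var/www/<site>/htdocs layout, the www-data user and the socket paths below are assumptions for the example; the demo renders the files into a temp directory rather than touching /etc.

```shell
#!/bin/sh
# Added example (not from the original post or from Wordfence): one php-fpm
# pool per site, each with its own auto_prepend_file, plus the matching nginx
# server block. Assumed layout: /var/www/<site>/htdocs holding
# wordfence-waf.php; pools run as www-data and listen on /run/php/<site>.sock.

# render_pool SITE DOCROOT OUTDIR
# Writes OUTDIR/SITE.conf (a php-fpm pool definition) and prints its path.
render_pool() {
  site="$1"; docroot="$2"; outdir="$3"
  out="$outdir/$site.conf"
  cat > "$out" <<EOF
[$site]
user = www-data
group = www-data
listen = /run/php/$site.sock
listen.owner = www-data
listen.group = www-data
pm = ondemand
pm.max_children = 5
; per-site WAF loader; php_admin_value cannot be changed at runtime by PHP code
php_admin_value[auto_prepend_file] = $docroot/wordfence-waf.php
; keep this pool inside its own tree
php_admin_value[open_basedir] = $docroot:/tmp
EOF
  printf '%s\n' "$out"
}

# render_nginx SITE DOCROOT
# Prints the nginx server block that hands PHP requests to that site's pool.
render_nginx() {
  site="$1"; docroot="$2"
  cat <<EOF
server {
    server_name $site;
    root $docroot;
    index index.php;
    location ~ \.php\$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        # alternative to the pool directive: an admin value set per server block
        # fastcgi_param PHP_ADMIN_VALUE "auto_prepend_file=$docroot/wordfence-waf.php";
        fastcgi_pass unix:/run/php/$site.sock;
    }
}
EOF
}

# prepend_file_of POOLCONF
# Prints the auto_prepend_file path configured in a pool file (empty if none),
# a quick way to audit which sites actually have the loader wired in.
prepend_file_of() {
  sed -n 's/^php_admin_value\[auto_prepend_file\][[:space:]]*=[[:space:]]*//p' "$1"
}

# Demo with a constructed site list, rendered into a temp directory.
POOL_DIR=$(mktemp -d)
for s in site-one.example site-two.example; do
  conf=$(render_pool "$s" "/var/www/$s/htdocs" "$POOL_DIR")
  echo "$s -> $(prepend_file_of "$conf")"
done
render_nginx site-one.example /var/www/site-one.example/htdocs
# To deploy: copy the pool files to php-fpm's pool.d directory and the server
# blocks to nginx's sites-enabled, then run php-fpm -t and nginx -t before reloading.
```

Because the WAF loader is set per pool, a compromised site can only see its own docroot (open_basedir) and cannot disable the prepend for any other site; the Apache-only SetEnv PHPRC approach had no such isolation.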


#2

Don’t use WordFence.

It’s heavy, buggy, and it depends on Apache to work.

(You asked for ideas, sorry.) :wink:


#3

I agree, use NinjaFirewall instead, a much better plugin.


#4

If I could just get this fail2ban to work properly, I wouldn't need either of them. Thanks guys!


#5

What's the matter with Fail2Ban?


#6
2016-04-23 11:25:46,773 fail2ban.jail   : INFO   Jail 'wordpress' stopped
2016-04-23 11:25:47,252 fail2ban.actions: WARNING [ssh] Unban 185.70.184.177
2016-04-23 11:25:47,260 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 185.70.184.177 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,260 fail2ban.actions: WARNING [ssh] Unban 118.39.85.235
2016-04-23 11:25:47,266 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 118.39.85.235 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,266 fail2ban.actions: WARNING [ssh] Unban 115.79.56.126
2016-04-23 11:25:47,271 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 115.79.56.126 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,272 fail2ban.actions: WARNING [ssh] Unban 183.3.202.201
2016-04-23 11:25:47,277 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 183.3.202.201 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,277 fail2ban.actions: WARNING [ssh] Unban 218.158.47.3
2016-04-23 11:25:47,282 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 218.158.47.3 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,282 fail2ban.actions: WARNING [ssh] Unban 115.28.18.15
2016-04-23 11:25:47,287 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 115.28.18.15 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,288 fail2ban.actions: WARNING [ssh] Unban 119.2.116.99
2016-04-23 11:25:47,293 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 119.2.116.99 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,293 fail2ban.actions: WARNING [ssh] Unban 124.205.114.13
2016-04-23 11:25:47,299 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 124.205.114.13 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,299 fail2ban.actions: WARNING [ssh] Unban 112.217.150.112
2016-04-23 11:25:47,305 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 112.217.150.112 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,305 fail2ban.actions: WARNING [ssh] Unban 59.45.79.23
2016-04-23 11:25:47,311 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 59.45.79.23 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,311 fail2ban.actions: WARNING [ssh] Unban 222.186.34.72
2016-04-23 11:25:47,316 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 222.186.34.72 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,316 fail2ban.actions: WARNING [ssh] Unban 183.3.202.184
2016-04-23 11:25:47,322 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 183.3.202.184 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,327 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-default

Also, it keeps banning the IPs that I think are connected with Jetpack and I can't get Jetpack working.


#7

NinjaFirewall and Fail2ban are the best choice.

This is my fail2ban settings: https://github.com/gagomap/fail2ban_settings


#8

Is it worth using NinjaFirewall?


#9

Absolutely. Just read about what it does.


#10

In response to my own post, I found out that the kernel my VPS was loading was not the same as the modules my system had compiled and used. Once I upgraded my server-side kernel to match the VPS boot-up script, it started to work as usual.

However, I have since started using iThemes Security for each WordPress site and fail2ban for everything else (SSH etc.).

It has slowed the systems down slightly, however I'd rather be a little slower and safer than faster and foolish.


#11

NinjaFirewall will not slow down your system; it's very lightweight.


#12

What VPS were you using and how did you determine the discrepancy? I am having odd issues with Linode and am wondering if this may be the cause. Thanks.


#13

hello @botl

I’m using D/O.

The problem stemmed from logs: I was seeing constant errors from the same IPs and even though fail2ban claimed to have banned them, they were obviously still able to access the server. Then when I checked the server logs, I was getting errors saying that iptables couldn't ban the IP?

From what I understand, D/O boots up a certain kernel that it has on its own side, and the corresponding modules/kernel headers need to be installed on the client (VPS host) side…

But what I had done was to upgrade the server on the D/O end but not install the updated kernel headers and modules on the host itself… this was making iptables and thus fail2ban go crazy.

For the time being, I've basically installed ithemeshield on each site I have and removed fail2ban-wp so they are no longer connected.

Performance is OK, nothing crazy to notice really.

But I'd ideally like to have one IDS system set up that covers everything, SSH, WP, etc…
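Added example for the failure mode described in posts #6, #10 and #13; it is not code from the original thread or from fail2ban. Two checks are worth scripting: pull out of fail2ban's log every "Unban" whose iptables command failed (those are addresses that were never really blocked, since iptables could not even delete the rule), and confirm that the running kernel has a matching module tree under /lib/modules, which is the mismatch post #10 found. The log lines in the sample are copied from post #6; the kernel version strings and the module directory in the demo are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original posts): diagnose a fail2ban that logs
# bans which never reach the kernel. Sample log lines below are taken from
# post #6; the kernel versions and module tree in the demo are constructed.

# failed_unbans LOGFILE
# Prints one IP per line for each "Unban" whose iptables -D command failed
# (fail2ban.actions.action logs the non-zero return code of the action).
failed_unbans() {
  sed -n 's/.*ERROR *iptables -D fail2ban-default -s \([0-9.]*\) .* returned [0-9][0-9]*$/\1/p' "$1"
}

# modules_present KERNEL MODROOT
# Returns 0 when MODROOT/KERNEL/modules.dep exists, i.e. the modules that
# iptables needs (ip_tables, xt_multiport, ...) were built for that kernel.
modules_present() {
  [ -f "$2/$1/modules.dep" ]
}

# check_running_kernel
# The real check on a host: compare the kernel the VPS actually booted with
# the module tree that is installed for it.
check_running_kernel() {
  k=$(uname -r)
  if modules_present "$k" /lib/modules; then
    echo "modules for running kernel $k are installed"
  else
    echo "running kernel $k has no modules under /lib/modules; iptables cannot load its targets" >&2
    return 1
  fi
}

# show_ban_chain
# Lists the chain fail2ban manages; a non-zero exit (chain missing) means no
# "banned" address was ever actually blocked. Needs root.
show_ban_chain() {
  iptables -S fail2ban-default
}

# Constructed sample log (lines copied from post #6 in this thread).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2016-04-23 11:25:47,252 fail2ban.actions: WARNING [ssh] Unban 185.70.184.177
2016-04-23 11:25:47,260 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 185.70.184.177 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,260 fail2ban.actions: WARNING [ssh] Unban 118.39.85.235
2016-04-23 11:25:47,266 fail2ban.actions.action: ERROR  iptables -D fail2ban-default -s 118.39.85.235 -j REJECT --reject-with icmp-port-unreachable returned 100
2016-04-23 11:25:47,327 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-default
EOF

echo "unbans that never reached the kernel:"
failed_unbans "$SAMPLE_LOG"

# Demo of the module check against a constructed tree: kernel "4.4.0-demo"
# has modules installed, "4.4.1-demo" (a kernel the provider boots after a
# provider-side update) does not.
MODROOT=$(mktemp -d)
mkdir -p "$MODROOT/4.4.0-demo" && : > "$MODROOT/4.4.0-demo/modules.dep"
modules_present 4.4.0-demo "$MODROOT" && echo "4.4.0-demo: modules present"
modules_present 4.4.1-demo "$MODROOT" || echo "4.4.1-demo: modules missing, iptables will fail"
# On the real host run: check_running_kernel && show_ban_chain
```

Run check_running_kernel and show_ban_chain on the box itself; if either fails, the ban log is fiction and the fix is on the kernel/module side, not in the fail2ban jail configuration.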


#14