Install: apt-get install fail2ban
config: put jail definitions in /etc/fail2ban/jail.local (or a file under /etc/fail2ban/jail.d/), which override the defaults in
/etc/fail2ban/jail.conf — do not edit jail.conf itself, it is replaced on package upgrade and your changes are lost
SSHD and wordpress
[sshd]
# Ban source hosts that repeatedly fail SSH authentication.
# Thresholds: 3 failures inside findtime (3600 s = 1 h) -> ban for bantime (7200 s = 2 h).
maxretry = 3
findtime = 3600
bantime = 7200
# 'ssh' resolves through /etc/services (22). If sshd listens on another port,
# set it here too, otherwise the ban rule does not cover the real listener.
port = ssh
filter = sshd
# Debian/Ubuntu path. NOTE(review): on hosts without auth.log (journal only) this
# file does not exist and the jail will not start — confirm the log source.
logpath = /var/log/auth.log
enabled = true
[wordpress]
# Ban hosts that repeatedly fail WordPress logins, as reported by the WP fail2ban plugin.
# Thresholds: 10 failures inside findtime (3600 s = 1 h) -> ban for bantime (7200 s = 2 h).
maxretry = 10
findtime = 3600
bantime = 7200
# Block both plain and TLS web ports for the banned host.
port = http,https
# Must match a filter file /etc/fail2ban/filter.d/wordpress.conf (supplied by the plugin).
filter = wordpress
# NOTE(review): the plugin logs through syslog; auth.log is where that lands on
# Debian/Ubuntu — confirm the facility/path matches on this host.
logpath = /var/log/auth.log
enabled = true
To use the [wordpress] jail you also need the WordPress plugin "WP fail2ban": it writes login failures to syslog (hence logpath = /var/log/auth.log) and provides the filter definition that must be installed as /etc/fail2ban/filter.d/wordpress.conf so that `filter = wordpress` resolves.
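[http-get-dos]
# Rate-limit jail: the http-get-dos filter matches EVERY GET/POST line in the access
# log, so this counts total requests per client IP, not failures.
# CAUTION: behind a reverse proxy, CDN or load balancer the logged <HOST> is the
# proxy's address, and banning it locks out all users. Clients behind a shared NAT
# can also trip the threshold legitimately. Tune maxretry/findtime before enabling.
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache2/*access.log
# maxretry: number of matching requests from one IP within findtime before a ban
maxretry = 400
# findtime: counting window in seconds (60 s = 1 minute), i.e. >400 requests/minute
findtime = 60
# bantime: how long the IP is dropped, in seconds (72000 s = 20 hours). With a
# regex that matches all traffic this is a long lockout for a false positive;
# consider a shorter value (e.g. 300 = 5 minutes) unless deliberate.
bantime = 72000
# Ban on both ports declared above. The single-port iptables action would only
# block port 80 and leave the HTTPS listener reachable by the banned host.
action = iptables-multiport[name=HTTP, port="http,https", protocol=tcp]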
/etc/fail2ban/filter.d/http-get-dos.conf
# Fail2Ban configuration file
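[Definition]
# Option: failregex
# Note: This regex matches any GET or POST line in an Apache common/combined access
# log, so valid and invalid requests alike count as a "failure". Set maxretry and
# findtime carefully in the jail to avoid false positives.
# The character before the method must be the plain ASCII double quote (") that
# Apache writes around the request line. A typographic quote (”) never matches,
# which silently makes the jail inert.
failregex = ^<HOST> -.*"(GET|POST).*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
# Image requests are not counted, so pages with many embedded images do not
# inflate a client's request rate.
ignoreregex = (jpg|png) HTTP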