I have fail2ban working on my server (primarily for WordPress) and it works well. There is one issue, however, that I'd like to ask about.
When a legitimate WordPress user makes a mistake on their password logging in, there is a delay of at least about two seconds before they submit their corrected password. In fact they could be given a notification screen telling them to be sure to wait at least three seconds before submitting their corrected password. Even with fail2ban fully in effect there are spammers who go so far as to figure out the fail2ban setting and will keep hitting the site with brute-force logins (from changing IPs) but stop just before the threshold (whether it be 6 failures in 10 minutes or whatever). Looking at the logs, these attempts are often obvious because the time difference between the GET and the POST is often zero or 1 (or there is a short time difference between sequential fails). In fact these are not much of a problem because there can't be very many of them. But does anyone know of a tool that would ban simply based on the time between failures? In other words, such a tool would ban a failing login if the second attempt happened less than three seconds (or two seconds) after the first. Then legitimate users could simply be informed not to re-enter their password too quickly after an initial fail.
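An added example, not part of the original post, of the check the poster describes: a small Python script that parses constructed syslog-style WordPress failure lines, groups the failures per source IP and flags any IP whose consecutive failures are closer together than a configurable gap (three seconds by default, as the post suggests). The log format, hostnames and addresses are made up for the example; the output is a candidate list that a separate step (for instance a fail2ban action) would have to act on.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (format and values made up for this example),
# loosely modelled on syslog-style "authentication failure" messages.
SAMPLE_LOG = """\
2024-05-01 10:00:00 wordpress(example.com): Authentication failure for admin from 203.0.113.5
2024-05-01 10:00:00 wordpress(example.com): Authentication failure for admin from 203.0.113.5
2024-05-01 10:00:01 wordpress(example.com): Authentication failure for admin from 203.0.113.5
2024-05-01 10:05:10 wordpress(example.com): Authentication failure for alice from 198.51.100.7
2024-05-01 10:05:18 wordpress(example.com): Authentication failure for alice from 198.51.100.7
2024-05-01 10:05:30 wordpress(example.com): Authentication failure for bob from 192.0.2.9
"""

# Timestamp is the first two fields; the source IP is the last field.
LINE_RE = re.compile(r"^(\S+ \S+) .*Authentication failure for \S+ from (\S+)$")


def parse_failures(log_text):
    """Return {ip: [timestamps]} of failed logins, preserving log order."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a failure line, ignore
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        failures[m.group(2)].append(stamp)
    return failures


def fast_retry_offenders(failures, min_gap_seconds=3):
    """IPs that retried a failed login faster than a human plausibly could.

    Returns {ip: shortest_gap_seconds} for every IP with at least two
    failures whose closest pair is under min_gap_seconds apart. Note that
    second-resolution timestamps cannot distinguish 0 s from 0.9 s.
    """
    offenders = {}
    for ip, stamps in failures.items():
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if gaps and min(gaps) < min_gap_seconds:
            offenders[ip] = min(gaps)
    return offenders


if __name__ == "__main__":
    for ip, gap in fast_retry_offenders(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: retried a failed login after {gap:.0f} s")
```

With the sample data only 203.0.113.5 is flagged (gaps of 0 s and 1 s); the user who waited eight seconds between attempts is left alone, which is the separation the post is asking for.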
Fail2ban-users mailing list: https://lists.sourceforge.net/lists/listinfo/fail2ban-users
