Thanks for your work. Perhaps it is apparent to everyone else except me how to implement this.
1) need to setup piwik to log to file ... (my default installation was logging to screen only)
2) In case I manage to write (eventually) your entry to the "main" auth.log I have modified your php code to make a log entry "Failed PIWIK login ..." to distinguish piwik login failures from others in the same log.
3) Created a matching filter to use that log entry ... and saved in /etc/fail2ban/filters.d/
4) need to set up a jail with path to the piwik log ... (/path to piwik/tmp/logs/piwik.log) and using the above filter.
5) restart fail2ban on your server
Tested by logging in (from another IP via VPN) - failed login recorded in log file and fail2ban blocking access for the IP ... YEAH!
If you like the these files for posting here or on your site - please let me know (not yet familiar with the proper etiquette here ... :-)
thanks for your input. Maybe you can post the relevant lines of your Piwik / fail2ban configuration here in code tags, so that other users may find it here :)
Hi Patrick,
Thanks for your work. Perhaps it is apparent to everyone else except me how to implement this.
1) need to setup piwik to log to file ... (my default installation was logging to screen only) 2) In case I manage to write (eventually) your entry to the "main" auth.log I have modified your php code to make a log entry "Failed PIWIK login ..." to distinguish piwik login failures from others in the same log. 3) Created a matching filter to use that log entry ... and saved in /etc/fail2ban/filters.d/ 4) need to set up a jail with path to the piwik log ... (/path to piwik/tmp/logs/piwik.log) and using the above filter. 5) restart fail2ban on your server
Tested by logging in (from another IP via VPN) - failed login recorded in log file and fail2ban blocking access for the IP ... YEAH! If you like the these files for posting here or on your site - please let me know (not yet familiar with the proper etiquette here ... :-)
Greets/Jes