
Authentication and xmlrpc log writer

Log of failed access, pingbacks, user enumeration, disable xmlrpc authenticated methods, kill xmlrpc request on authentication error.
Ratings
5
Last updated
November 18, 2016
Version
1.2.2
Active installations
100

This plugin logs failed login attempts (brute-force attacks) and invalid pingback requests (via xmlrpc.php), which is very useful for processing the data with fail2ban. You can also enable logging of every pingback request, and stop the user enumeration method (by redirecting to the home page), with logging.

If activated, it removes the WordPress version number and the meta generator tag from the head section of your site.

If activated, it disables the xmlrpc methods that require authentication, in order to avoid brute-force attacks through xmlrpc. Use this feature if you don’t need these xmlrpc methods.

If activated, it can kill multiple requests in a single xmlrpc call by returning a 401 code on an xmlrpc login error. This feature may be useful to prevent server overload during a brute-force attack through xmlrpc.

You can also view your CUSTOM error log in the admin panel.

Logging can be done via

  1. SYSLOG
  2. APACHE ERROR_LOG
  3. CUSTOM: a custom log file (the path used must be writable, otherwise the log is written to the APACHE ERROR LOG)

Log examples

  • SYSLOG

    Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Authentication failure on [`WORDPRESS_SITE_NAME`] for `USED_LOGIN` from `111.222.333.444`
    Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
    Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
    Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
  • APACHE

    [Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Authentication failure on [`WORDPRESS_SITE_NAME`] for `USED_LOGIN` from `111.222.333.444`, referer: SITE_ADDRESS/wp-login.php
    [Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`, referer: SITE_ADDRESS/xmlrpc.php
    [Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`, referer: SITE_ADDRESS/xmlrpc.php
    [Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
  • CUSTOM

    [Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Authentication failure on [`WORDPRESS_SITE_NAME`] for `USED_LOGIN` from `111.222.333.444`
    [Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
    [Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
    [Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
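
As an added example (not code from the plugin or its FAQ), the Python below parses the three log formats listed above and reports addresses that reach an event count, the decision fail2ban automates. The event labels, the threshold of 3, the sample lines, and the assumption that placeholders are logged as bare values with IPv4 addresses are choices made here.

```python
import re
from collections import Counter

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"  # IPv4 only (assumption)
# Event bodies as shown in the page's log examples; the labels are chosen here.
BODIES = {
    "auth_failure": r"Authentication failure on \[.*\] for .*",
    "pingback_error": r"Pingback error \S+ generated on \[.*\]",
    "pingback_request": r"Pingback requested for .* generated on \[.*\]",
    "user_enumeration": r"User enumeration attempt generated on \[.*\]",
}
# SYSLOG and CUSTOM lines end with the address. Anchoring at end of line with
# greedy fields means a login such as "x from 10.0.0.1" cannot forge the address.
TAIL = {k: re.compile(rf"wordpress\([^)]*\)\S* {b} from {IP}$") for k, b in BODIES.items()}
# APACHE lines end with a client-supplied referer, so only the [client ip:port]
# field that Apache itself writes in the line prefix is trusted.
APACHE = re.compile(rf"^\[[^\]]*\] \[[^\]]*\] \[pid [^\]]*\] \[client {IP}:\d+\] (.*)$")
HEAD = {k: re.compile(rf"wordpress\([^)]*\) {b} from ") for k, b in BODIES.items()}

SAMPLE = [  # constructed lines, one per format plus one extra, documentation-range IPs
    "Dec 17 14:21:02 webserver wordpress(blog.example)[2588]: Authentication failure on [Blog] for admin from 203.0.113.7",
    "[Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 203.0.113.7:52599] wordpress(blog.example) User enumeration attempt generated on [Blog] from 203.0.113.7, referer: http://blog.example/ from 10.0.0.1",
    "[Thu Dec 17 14:25:34.000000 2015] wordpress(blog.example) Authentication failure on [Blog] for x from 10.0.0.1 from 203.0.113.7",
    "[Thu Dec 17 14:25:35.000000 2015] wordpress(blog.example) Pingback error 17 generated on [Blog] from 198.51.100.9",
]

def parse(line):
    """Return (event, ip) for one plugin log line, or None if it is not one."""
    line = line.rstrip("\n")
    apache = APACHE.match(line)
    if apache:
        ip, rest = apache.groups()
        return next(((ev, ip) for ev, rx in HEAD.items() if rx.match(rest)), None)
    for ev, rx in TAIL.items():
        hit = rx.search(line)
        if hit:
            return ev, hit.group(1)
    return None

def offenders(lines, threshold=3):
    """Sorted addresses with at least `threshold` logged events (assumed threshold)."""
    counts = Counter(p[1] for p in map(parse, lines) if p)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

The same end-of-line anchoring applies when writing a fail2ban `failregex` for the SYSLOG or CUSTOM format, since the login name in the message is chosen by the client.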

fail2ban configuration

See the FAQ section

Log viewer

The log viewer is available only when the error log type is set to CUSTOM. Note: the path and the log file must exist.

Localization

  • English (default) – always included
  • Italian – since version 1.1.3

Translations

  • English – default, always included
  • Italian – available since version 1.1.3

Note: Feel free to translate this plugin into your language. It is very important for helping the worldwide community. Contribute a translation in your language to make the plugin even more useful. For translations I recommend using “Poedit Editor”.

Tested up to version
4.7.29
This plugin is available for download for use on your self-hosted WordPress installation.