DEV Community: Thomas Blevins The latest articles on DEV Community by Thomas Blevins (@tb-development). https://dev.to/tb-development https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1098578%2F3fb9d530-6ec4-424c-9480-3f936c31514b.jpeg DEV Community: Thomas Blevins https://dev.to/tb-development en Configuring and Enabling fail2ban to mitigate Wordpress authentication theft with Debian 12 Thomas Blevins Sat, 08 Nov 2025 21:29:36 +0000 https://dev.to/tb-development/configuring-and-enabling-fail2ban-to-mitigate-wordpress-authentication-theft-with-debian-12-f52 https://dev.to/tb-development/configuring-and-enabling-fail2ban-to-mitigate-wordpress-authentication-theft-with-debian-12-f52 <p>We've recently run into a problem with our Wordpress site occasionally getting bombarded with login requests. To safeguard against this, we have implemented fail2ban on our Linux Machine to rate limit these requests.</p> <h1> Nginx Considerations </h1> <p>I am using fail2ban against Nginx access logs, and I've seen multiple times a recommendation to utilize Nginx's built-in rate-limiting <code>limit-req</code> (<a href="https://blog.nginx.org/blog/rate-limiting-nginx" rel="noopener noreferrer">Rate Limiting with Nginx</a>), and their <code>zone</code> idea seems to be what I'm doing when looking for specific requests.</p> <p>I'm instead implementing fail2ban on its own, and just reading the access logs.</p> <h1> What is fail2ban? </h1> <p>Fail2ban reactively scans <code>log files</code> for requests matching a <code>filter</code> (known as a fail) that (over a <code>findtime</code> duration) break the <code>maxretry</code> limit. If this happens, it locks them in <code>jail</code> for a <code>bantime</code>, stopping further requests.</p> <h1> Installing fail2ban </h1> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt upgrade <span class="nb">sudo </span>apt <span class="nb">install </span>fail2ban </code></pre> </div> <p>Ensure the package is installed correctly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>fail2ban-client <span class="nt">--version</span> </code></pre> </div> <h1> Configuring fail2ban </h1> <p>Copy the default files into files that you can safely customize, without risk of overwriting them with a package update.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cp</span> /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local <span class="nb">cp</span> /etc/fail2ban/jail.conf /etc/fail2ban/jail.local </code></pre> </div> <h1> Configuring the Filter </h1> <p><code>/etc/fail2ban/filter.d/wordpress-login.conf</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code>[<span class="n">Definition</span>] <span class="c"># Match any access log line that starts with an IP address and attempts to access the wp-login via POST # If we do want to limit xml access # ^&lt;HOST&gt; .*"(POST) /xmlrpc\.php.*" # If we do want to limit access # ^&lt;HOST&gt; .*"(GET|POST) /wp-admin/.*" </span><span class="n">failregex</span> = ^&lt;<span class="n">HOST</span>&gt; .*<span class="s2">"(POST) /wp-login\.php.*"</span> <span class="c"># If we do want to limit access, don't look for asset requests # ignoreregex = ^&lt;HOST&gt; .*"(GET|POST) /wp-admin/(images|js|css)/.*" </span><span class="n">ignoreregex</span> = </code></pre> </div> <h1> Configuring the Jail </h1> <p><code>/etc/fail2ban/jail.local</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code>[<span class="n">wordpress</span>-<span class="n">login</span>] <span class="n">enabled</span> = <span class="n">true</span> <span class="n">filter</span> = <span class="n">wordpress</span>-<span class="n">login</span> <span class="n">port</span> = <span class="n">http</span>,<span class="n">https</span> <span class="n">logpath</span> = /<span class="n">var</span>/<span class="n">log</span>/<span class="n">nginx</span>/*.<span class="n">access</span>.<span class="n">log</span> <span class="n">action</span> = <span class="n">iptables</span>-<span class="n">multiport</span>[<span class="n">name</span>=<span class="n">http</span>, <span class="n">port</span>=<span class="s2">"http,https"</span>, <span class="n">protocol</span>=<span class="n">tcp</span>] <span class="n">maxretry</span> = <span class="m">10</span> <span class="n">findtime</span> = <span class="m">60</span> <span class="n">bantime</span> = <span class="m">3600</span> </code></pre> </div> <ul> <li>The <code>logpath</code> is utilizing a wildcard to scan all site access logs.</li> <li>The <code>action</code> is specifying that we will use the <code>iptables</code> of the firewall to restrict the requests.</li> </ul> <h1> Testing fail2ban </h1> <p>Before booting this up, you can test your individual log files (I believe wildcard is not supported) to see if your filter is reading the "failures" correctly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>fail2ban-regex /var/log/nginx/my.access.log /etc/fail2ban/filter.d/wordpress-login.conf <span class="nt">--print-all-matched</span> </code></pre> </div> <p>Though, keep in mind you'll have to have logs that will match this filter regex to see anything here.</p> <h1> Starting and Stopping fail2ban </h1> <p>To Start:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl <span class="nb">enable </span>fail2ban <span class="nb">sudo </span>systemctl start fail2ban </code></pre> </div> <p>To Stop:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl disable fail2ban <span class="nb">sudo </span>systemctl stop fail2ban </code></pre> </div> <h1> Monitoring fail2ban jails </h1> <p>To see how a specific jail is faring:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>fail2ban-client status wordpress-login </code></pre> </div> <p>and you'll see something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Status for the jail: wordpress-login |- Filter | |- Currently failed: 156 | |- Total failed: 101134 | `- File list: /var/log/nginx/my.access.log ... `- Actions |- Currently banned: 0 |- Total banned: 1145 `- Banned IP list: </code></pre> </div> <h1> Extra </h1> <ul> <li>Also check out the default <code>sshd</code> jail, all you have to do is enable it.</li> </ul> <h1> Resources </h1> <ul> <li><a href="https://developers.cloudflare.com/waf/rate-limiting-rules/best-practices/" rel="noopener noreferrer">Cloudfare - Rate Limiting Best Practices</a></li> <li><a href="https://bornoe.org/blog/2023/09/basic-fail2ban-commands/" rel="noopener noreferrer">Basic fail2ban Commands</a></li> </ul> fail2ban wordpress linux nginx Creating thumbnails for multi-page Pdfs in Carrierwave 2.2.3 and Rails 7 Thomas Blevins Fri, 09 Jun 2023 19:16:14 +0000 https://dev.to/tb-development/creating-thumbnails-for-multi-page-pdfs-in-carrierwave-223-and-rails-7-1ifb https://dev.to/tb-development/creating-thumbnails-for-multi-page-pdfs-in-carrierwave-223-and-rails-7-1ifb <p>Prerequisites:</p> <ol> <li>Have set up Carrierwave to upload files</li> <li>Know what <code>version :thumb</code> does</li> <li>Have <code>imagemagick</code> and <code>ghostscript</code> installed on the host machine.</li> </ol> <p>Please review this Carrierwave Uploader as the final solution. The documentation should be worthy enough to explain what's going on.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">VersionUploader</span> <span class="o">&lt;</span> <span class="no">CarrierWave</span><span class="o">::</span><span class="no">Uploader</span><span class="o">::</span><span class="no">Base</span> <span class="kp">include</span> <span class="no">CarrierWave</span><span class="o">::</span><span class="no">MiniMagick</span> <span class="kp">include</span> <span class="no">CarrierWave</span><span class="o">::</span><span class="no">RMagick</span> <span class="n">storage</span> <span class="ss">:fog</span> <span class="c1"># @doc Specifies the position on remote hosting to save the file</span> <span class="k">def</span> <span class="nf">store_dir</span> <span class="o">=</span> <span class="s2">"shared/system/</span><span class="si">#{</span><span class="n">klass</span><span class="si">}</span><span class="s2">/</span><span class="si">#{</span><span class="n">attachment</span><span class="si">}</span><span class="s2">/</span><span class="si">#{</span><span class="n">id_partition</span><span class="si">}</span><span class="s2">/</span><span class="si">#{</span><span class="n">style</span><span class="si">}</span><span class="s2">/"</span> <span class="c1"># @doc Returns the model class name, camel_case and pluralized.</span> <span class="c1"># @example </span> <span class="c1"># irb(main):038:0&gt; MyModel.first.file.file.klass</span> <span class="c1"># =&gt; "my_models"</span> <span class="k">def</span> <span class="nf">klass</span> <span class="o">=</span> <span class="n">model</span><span class="p">.</span><span class="nf">class</span><span class="p">.</span><span class="nf">name</span><span class="p">.</span><span class="nf">underscore</span><span class="p">.</span><span class="nf">pluralize</span> <span class="c1"># @doc Specifies the uploader's association name that is mounted on the model. In the model `MyModel.rb`, we mount an uploader called VersionUploader, and we call that mount `file`. This is considered the `attachment`</span> <span class="c1"># @example</span> <span class="c1"># irb(main):039:0&gt; MyModel.first.file.file.attachment</span> <span class="c1"># =&gt; "files"</span> <span class="k">def</span> <span class="nf">attachment</span> <span class="o">=</span> <span class="n">mounted_as</span><span class="p">.</span><span class="nf">to_s</span><span class="p">.</span><span class="nf">downcase</span><span class="p">.</span><span class="nf">pluralize</span> <span class="c1"># @doc Creates a section of the final path partitioned by the id's of the model</span> <span class="c1"># @note</span> <span class="c1"># These appear to be the id of the model, with a weird operation done to them.</span> <span class="c1"># I sourced this code from the paperclip compatibility source code of Carrierwave's github as in my situation, I was converting from Paperclip to Carrierwave</span> <span class="k">def</span> <span class="nf">id_partition</span> <span class="o">=</span> <span class="p">(</span><span class="s2">"%09d"</span> <span class="o">%</span> <span class="n">model</span><span class="p">.</span><span class="nf">id</span><span class="p">).</span><span class="nf">scan</span><span class="p">(</span><span class="sr">/.{3}/</span><span class="p">).</span><span class="nf">join</span><span class="p">(</span><span class="s2">"/"</span><span class="p">)</span> <span class="c1"># @doc Specifies the style of file for storage directory purposes</span> <span class="k">def</span> <span class="nf">style</span> <span class="o">=</span> <span class="ss">:original</span> <span class="c1"># @doc Returns the first page of a file</span> <span class="n">version</span> <span class="ss">:thumb</span> <span class="k">do</span> <span class="n">process</span> <span class="ss">:to_array</span> <span class="n">process</span> <span class="ss">:front</span> <span class="n">process</span> <span class="ss">convert: </span><span class="s2">"jpg"</span> <span class="k">def</span> <span class="nf">full_filename</span><span class="p">(</span><span class="n">filename</span> <span class="o">=</span> <span class="n">model</span><span class="p">.</span><span class="nf">file</span><span class="p">.</span><span class="nf">filename</span><span class="p">)</span> <span class="o">=</span> <span class="s2">"</span><span class="si">#{</span><span class="n">filename</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="s2">"."</span><span class="p">).</span><span class="nf">first</span><span class="si">}</span><span class="s2">.jpg"</span> <span class="k">def</span> <span class="nf">style</span> <span class="o">=</span> <span class="ss">:thumb</span> <span class="k">end</span> <span class="kp">private</span> <span class="c1"># @doc Utilizes minimagick to split the uploading file from it's temporary path into an array</span> <span class="c1"># @note This code was sourced from https://github.com/janko/image_processing/wiki/Splitting-a-PDF-into-multiple-images, though I've made a few edits</span> <span class="k">def</span> <span class="nf">to_array</span> <span class="no">MiniMagick</span><span class="o">::</span><span class="no">Image</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">path</span><span class="p">).</span><span class="nf">pages</span><span class="p">.</span><span class="nf">count</span><span class="p">.</span><span class="nf">times</span><span class="p">.</span><span class="nf">map</span><span class="p">{</span> <span class="o">|</span><span class="n">page_number</span><span class="o">|</span> <span class="no">ImageProcessing</span><span class="o">::</span><span class="no">MiniMagick</span> <span class="p">.</span><span class="nf">source</span><span class="p">(</span><span class="n">path</span><span class="p">)</span> <span class="p">.</span><span class="nf">convert</span><span class="p">(</span><span class="s2">"jpg"</span><span class="p">)</span> <span class="p">.</span><span class="nf">colorspace</span><span class="p">(</span><span class="s2">"RGB"</span><span class="p">)</span> <span class="p">.</span><span class="nf">loader</span><span class="p">(</span><span class="ss">page: </span><span class="n">page_number</span><span class="p">).</span><span class="nf">call</span> <span class="p">}.</span><span class="nf">first</span> <span class="k">end</span> <span class="c1"># @doc Used in conjunction with `to_array` to return the first page of the array of pages</span> <span class="c1"># @note This utilizes the module CarrierWave::RMagick in some way...</span> <span class="k">def</span> <span class="nf">front</span> <span class="n">manipulate!</span> <span class="k">do</span> <span class="o">|</span><span class="n">frame</span><span class="p">,</span> <span class="n">index</span><span class="o">|</span> <span class="n">frame</span> <span class="k">if</span> <span class="n">index</span><span class="p">.</span><span class="nf">zero?</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Hopefully I've made this journey easier than mine was, thanks!</p> carrierwave ruby rails imageprocessing