Bobcares

How to use Fail2ban for Magento security

by | Dec 24, 2018

Magento is so popular and that’s why it is a juicy target of cyber attackers.

Does that mean using Magento for my website is a risk ?

No.

Luckily, Magento offers too many security features to avoid attacks on your shop. And, Fail2ban largely helps to block these brute-force hack attempts.

At Bobcares, we help website owners to ensure security of Magento stores as part of our Support Services for web hosts.

Today, we’ll see how we configure Fail2ban to make Magento secure.

Why to use Fail2ban to protect Magento?

Magento shop has standard file and folder location in all websites. That is, the admin panel is available at /admin folder, downloads at /downloads and so on. As a result, hackers find  it easy to initiate attack to your Magento store.

One of the method used by hackers is to launch brute-force attacks against your shop. Here, they randomly tries different password combinations and finally breaks into the admin panel.

Even if the store uses a strong password, these incorrect login attempts can slow down the server. Therefore, it is really necessary to block these type of intrusion attempts.

Fortunately, Fail2ban is one of the effective solution to avoid these hack attempts. Fail2ban uses the site’s access logs to check for login failed attempts. Then, it will block these IP addresses on the server.

 

How to setup Fail2ban to protect Magento?

Now, let’s see how we can set up Fail2ban to protect Magento website.

This can be done in 2 steps.

1. Create a jail for Magento

Firstly, we need to create a Fail2ban jail for Magento. For this, we need to create a file /etc/fail2ban/jail.d/magento.conf.

Then add the contents in it.

[magento]
enabled = true
port = http,https
filter = magento
logpath = /magentofolder/var/log/system.log

bantime = 14400
maxretry = 5
findtime = 600

Here, we tell Fail2ban to search for failed login attempts in Magento system.log file. When there are 5 failed attempts within 10 minutes or 600 seconds, it will result in the ban of IP for 4 hours.

2. Create a filter for Magento

Now, we have to create a filter for Magento. For this, we add a file /etc/fail2ban/filter.d/magento.conf

To protect the admin panel from attack, we can add the following contents in it.

[Definition]
failregex = ^<HOST> -.*POST \/index.php\/admin\/.*
ignoreregex =

 

Common fail-points in Magento Fail2ban setup

Although, Fail2ban set up for Magento is rather simple, often it can fail too.

We’ll now take a looks at these failure reasons.

1. IP not banned by Fail2ban

Often, when testing the Fail2ban rules, we can overpass the maxretry limit to enter wrong password and no IP banning happens.

In such cases, our Support Engineers first check the server firewall. And, make sure that the IP is NOT whitelisted. Additionally, we see that only valid IP addresses are white-listed on the server.

2. Bad filter rules

Similarly, often bad filter rules can cause problems with proper working of Fail2ban.

To fix, we analyze and correct the configuration rules. This ensures that the malicious IP addresses are blocked on the server.

 

Conclusion

Fail2ban proves to be an effective method to prevent brute-force attacks in Magento websites. Today, we’ve seen how our Support Engineers set up Fail2ban for Magento and resolve common issues.

 

 

 

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.