How to use Fail2ban for Magento security
Magento is very popular, and that is why it is a juicy target for attackers.
Does that mean using Magento for my website is a risk?
Luckily, Magento offers many security features to protect your shop from attacks. And Fail2ban goes a long way toward blocking brute-force hack attempts.
At Bobcares, we help website owners secure their Magento stores as part of our Support Services for web hosts.
Today, we'll see how we configure Fail2ban to secure Magento.
Why use Fail2ban to protect Magento?
A Magento shop uses standard file and folder locations on every website. That is, the admin panel is available under the /admin folder, downloads under /downloads, and so on. As a result, hackers find it easy to launch attacks against your Magento store.
One method hackers use is to launch brute-force attacks against your shop. Here, they try different password combinations at random until they eventually break into the admin panel.
Even if the store uses a strong password, these incorrect login attempts can slow down the server. Therefore, it is really necessary to block these types of intrusion attempts.
Fortunately, Fail2ban is an effective solution against these hack attempts. Fail2ban scans the site's access logs for failed login attempts. Then it blocks the offending IP addresses on the server.
How to set up Fail2ban to protect Magento?
Now, let's see how we can set up Fail2ban to protect a Magento website.
This can be done in 2 steps.
1. Create a jail for Magento
Firstly, we need to create a Fail2ban jail for Magento. For this, we create the file /etc/fail2ban/jail.d/magento.conf.
Then add the following contents to it.
[magento]
enabled = true
port = http,https
filter = magento
logpath = /magentofolder/var/log/system.log
bantime = 14400
maxretry = 5
findtime = 600
Here, we tell Fail2ban to search for failed login attempts in Magento's system.log file. When there are 5 failed attempts within 10 minutes (600 seconds), the IP is banned for 4 hours (14400 seconds).
2. Create a filter for Magento
Now, we have to create a filter for Magento. For this, we add the file /etc/fail2ban/filter.d/magento.conf.
To protect the admin panel from attack, we add the following contents to it.
[Definition]
failregex = ^<HOST> -.*POST \/index.php\/admin\/.*
ignoreregex =
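To show what the jail settings above actually do, here is an added Python simulation (not part of the original post, and not Fail2ban's own code) that applies the page's failregex and its maxretry, findtime and bantime values to a few constructed access-log lines. Two things it makes visible: the regex counts every POST to the admin URL, successful logins and ordinary admin form saves included, so a busy legitimate administrator can trip maxretry just as an attacker does; and the regex expects a line that begins with the client IP, which is the shape of a web-server access log rather than an application log, so the jail's logpath and the filter need to agree on which log is being read. The IP addresses, timestamps and log lines are all constructed, and the IPv4 group that stands in for <HOST> is a simplification of what Fail2ban substitutes.

```python
import re
from collections import defaultdict, deque

# Jail parameters taken from the page's /etc/fail2ban/jail.d/magento.conf
MAXRETRY = 5
FINDTIME = 600      # seconds (10 minutes)
BANTIME = 14400     # seconds (4 hours)

# failregex taken from the page's /etc/fail2ban/filter.d/magento.conf.
# Fail2ban substitutes <HOST> with its own address pattern; a plain IPv4
# group stands in for it here (assumption for the example).
FAILREGEX = r"^<HOST> -.*POST \/index.php\/admin\/.*"
HOST_PATTERN = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAIL_RE = re.compile(FAILREGEX.replace("<HOST>", HOST_PATTERN))


def access_line(ip, method, path):
    """Build a constructed web-server access-log line for the given request."""
    return '%s - - [10/Oct/2023:13:55:36 +0000] "%s %s HTTP/1.1" 302 -' % (ip, method, path)


def match_host(line):
    """Return the client IP if the line matches failregex, else None."""
    m = FAIL_RE.match(line)
    return m.group("host") if m else None


def simulate_jail(events):
    """Apply the jail's maxretry/findtime/bantime logic to (timestamp, line)
    events and return {ip: ban_expiry_timestamp} for every IP that gets banned.
    Only matches inside a sliding findtime window are counted, which is how
    Fail2ban decides whether maxretry has been reached."""
    recent = defaultdict(deque)   # ip -> timestamps of matching lines in window
    bans = {}
    for ts, line in events:
        host = match_host(line)
        if host is None:
            continue
        if host in bans and ts < bans[host]:
            continue                # firewall drops traffic from a banned IP
        window = recent[host]
        window.append(ts)
        while window and ts - window[0] > FINDTIME:
            window.popleft()        # forget matches older than findtime
        if len(window) >= MAXRETRY:
            bans[host] = ts + BANTIME
            window.clear()
    return bans


def sample_events():
    """Constructed traffic, timestamps in seconds from an arbitrary start:
    - 203.0.113.10 hammers the admin login 5 times in 80 s
    - 198.51.100.7 is a real admin making 3 POSTs
    - 192.0.2.44 spreads 5 POSTs over 700 s, so never 5 inside one findtime
    - GET requests to the admin URL never match the filter"""
    events = []
    events += [(t, access_line("203.0.113.10", "POST", "/index.php/admin/")) for t in (0, 20, 40, 60, 80)]
    events += [(t, access_line("198.51.100.7", "POST", "/index.php/admin/")) for t in (5, 300, 590)]
    events += [(t, access_line("192.0.2.44", "POST", "/index.php/admin/")) for t in (0, 175, 350, 525, 700)]
    events += [(t, access_line("192.0.2.44", "GET", "/index.php/admin/")) for t in (10, 30)]
    return sorted(events)


if __name__ == "__main__":
    for ip, expiry in simulate_jail(sample_events()).items():
        print("ban %s until t=%d" % (ip, expiry))    # ban 203.0.113.10 until t=14480
```

Only 203.0.113.10 ends up banned: 192.0.2.44 also sends five POSTs, but the first one has already fallen out of the 600-second window by the time the fifth arrives, so the jail never counts five together. That is the behaviour to keep in mind when choosing findtime against a slow, patient login guesser.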
Common fail-points in a Magento Fail2ban setup
Although Fail2ban setup for Magento is rather simple, it can often fail too.
We'll now take a look at these failure reasons.
1. IP not banned by Fail2ban
Often, when testing the Fail2ban rules, we can exceed the maxretry limit by entering wrong passwords and yet no IP banning happens.
In such cases, our Support Engineers first check the server firewall and make sure that the IP is NOT whitelisted. Additionally, we verify that only valid IP addresses are whitelisted on the server.
2. Bad filter rules
Similarly, bad filter rules often cause problems with the proper working of Fail2ban.
To fix this, we analyze and correct the configuration rules. This ensures that the malicious IP addresses are blocked on the server.
Fail2ban proves to be an effective method to prevent brute-force attacks on Magento websites. Today, we've seen how our Support Engineers set up Fail2ban for Magento and resolve common issues.
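The two failure reasons above (a whitelisted IP, and a filter that does not fit the log) can be checked mechanically. The following is an added Python diagnostic written for this article, not Bobcares' or Fail2ban's own tooling: it takes a client IP and a log line, first tests the IP against an ignoreip-style whitelist (single addresses or CIDR ranges, as Fail2ban accepts), then tests whether the page's failregex matches the line at all and extracts that same IP. The ignoreip list and both sample log lines are constructed; the second line imitates a timestamp-first application-log layout, the kind of line the page's IP-first regex can never match.

```python
import ipaddress
import re

# failregex from the page; the ignoreip list is a constructed example of the
# whitelist Fail2ban reads from the [DEFAULT] or jail section.
FAILREGEX = r"^<HOST> -.*POST \/index.php\/admin\/.*"
IGNOREIP = ["127.0.0.1/8", "::1", "198.51.100.0/24"]


def compile_failregex(failregex):
    """Expand Fail2ban's <HOST> tag into an address group (IPv4 only here)."""
    host = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
    return re.compile(failregex.replace("<HOST>", host))


def is_whitelisted(ip, ignoreip):
    """True if ip falls inside any ignoreip entry (single address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    for entry in ignoreip:
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False


def diagnose(ip, log_line, failregex=FAILREGEX, ignoreip=IGNOREIP):
    """Explain why a given client IP would or would not be counted for log_line.
    Mirrors the two checks from the text: is the IP whitelisted, and does the
    filter actually match the log format and attribute the line to that IP?"""
    if is_whitelisted(ip, ignoreip):
        return "not banned: %s is covered by ignoreip" % ip
    m = compile_failregex(failregex).match(log_line)
    if m is None:
        return "not banned: failregex does not match this log line"
    if m.group("host") != ip:
        return "not banned: failregex extracted %s, not %s" % (m.group("host"), ip)
    return "counts as a failure for %s" % ip


# Constructed sample lines: web-server access-log style first, then a
# timestamp-first application-log style line (made up for this example).
ACCESS_LINE = '203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "POST /index.php/admin/ HTTP/1.1" 302 -'
SYSTEM_LOG_LINE = "2023-10-10T13:55:36+00:00 ERR (3): Login failed for admin from 203.0.113.10"

if __name__ == "__main__":
    print(diagnose("203.0.113.10", ACCESS_LINE))
    print(diagnose("198.51.100.7", ACCESS_LINE.replace("203.0.113.10", "198.51.100.7")))
    print(diagnose("203.0.113.10", SYSTEM_LOG_LINE))
```

On a real server the equivalent checks are `fail2ban-regex /path/to/the/log /etc/fail2ban/filter.d/magento.conf` to see how many lines the filter matches, and `fail2ban-client status magento` to confirm the jail is active and which IPs it currently holds; if the regex test reports zero matches against the file named in logpath, the filter and the log do not fit each other, which is the "bad filter rules" case above.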