We have discussed Fail2Ban on multiple occasions. Fail2Ban is a powerful tool for creating a firewall using iptables. However, the methods we discussed previously need a cloud server, VPS or dedicated server. It is possible to use Fail2Ban for web hosts without root access on shared servers or PaaS: there is a PHP port of Fail2Ban. aPaaS offerings like the former Rackspace Cloud Sites lack SSH support, while most shared web hosts offer SSH with limited capability. PaaS usually has SSH access. However, aPaaS, PaaS and shared hosting lack root access even when SSH is offered.
Fail2Ban For Web Hosts Without Root Access : PHP Port of Fail2Ban
In such use cases, the PHP port of Fail2Ban comes in handy. It is named Miniban and is primarily intended for WordPress:
https://github.com/szepeviktor/wordpress-fail2ban/tree/master/miniban
Obviously, you need the whole repository:
https://github.com/szepeviktor/wordpress-fail2ban
…as a WordPress plugin. This code needs to be either in wp-config.php:
```php
require_once __DIR__ . '/wp-miniban-htaccess.inc.php';
Miniban::init(
    __DIR__ . '/.htaccess',
    // These IP addresses and IP ranges will get whitelisted.
    array( '127.0.0.0/8', 'SERVER-IP', '66.249.64.0/19' ),
    array( 'autounban' => true )
);
```
…or saved as a miniban-load.php file (which, as a standalone PHP file, must begin with an opening <?php tag). In the latter case, you can load it from the .htaccess file in this manner:
```apache
# change /PATH/TO/
php_value auto_prepend_file "/PATH/TO/miniban-load.php"
```
As a prerequisite, the server should preferably run Apache2 as the web server software (Nginx is supported too, but probably carries a risk of odd errors), and you need the ability to set up cron jobs:
```sh
# Set up daily cron job to unban old bans
# change /PATH/TO/, /DOC-ROOT/
php -r 'require "/PATH/TO/wp-miniban-htaccess.inc.php";Miniban::init("/DOC-ROOT/.htaccess");Miniban::unban();'
```
This is an example of a minimal .htaccess file:
```apache
# Apache ≥ 2.3
<IfModule mod_authz_core.c>
    <RequireAll>
        Require all granted
        Require not env mini_ban
    </RequireAll>
</IfModule>

# Mini Ban for Apache directory configuration
SetEnvIf Remote_Addr "^192\.168\.1\.100$" mini_ban
```
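To show what goes into a ban line like the SetEnvIf rule above, here is an added example (not Miniban's own code) that validates an address, honours a whitelist of IPs and CIDR ranges, and appends an anchored, escaped rule to a scratch file. The function names `ip_in_cidr`, `ban_line` and `add_ban` are hypothetical, and the sketch assumes IPv4 and 64-bit PHP 7.1 or later.

```php
<?php
// Added example with hypothetical names: true if IPv4 $ip lies inside $cidr ("a.b.c.d/n").
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // placeholders such as 'SERVER-IP' never match
    }
    $mask = (~0 << (32 - (int) $bits)) & 0xFFFFFFFF; // assumes 64-bit integers
    return ($ipLong & $mask) === ($netLong & $mask);
}

// SetEnvIf line for one address, or null if the address is invalid or whitelisted.
function ban_line(string $ip, array $whitelist): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // never write unvalidated input into .htaccess
    }
    foreach ($whitelist as $range) {
        if (ip_in_cidr($ip, $range)) {
            return null;
        }
    }
    // preg_quote() escapes the dots; ^ and $ pin the regex to exactly this address.
    return sprintf('SetEnvIf Remote_Addr "^%s$" mini_ban', preg_quote($ip));
}

// Append the rule under an exclusive write lock; true if the address ends up banned.
function add_ban(string $htaccess, string $ip, array $whitelist): bool
{
    $line = ban_line($ip, $whitelist);
    if ($line === null) {
        return false;
    }
    $current = is_file($htaccess) ? (file($htaccess, FILE_IGNORE_NEW_LINES) ?: []) : [];
    if (in_array($line, $current, true)) {
        return true; // already present, do not duplicate
    }
    return file_put_contents($htaccess, $line . PHP_EOL, FILE_APPEND | LOCK_EX) !== false;
}

$whitelist = ['127.0.0.0/8', 'SERVER-IP', '66.249.64.0/19']; // list from the page
$file = tempnam(sys_get_temp_dir(), 'hta');                   // constructed scratch file
foreach (['192.168.1.100', '66.249.66.1', "203.0.113.7\nRequire all granted"] as $ip) {
    add_ban($file, $ip, $whitelist); // constructed inputs: bannable, whitelisted, malformed
}
echo file_get_contents($file);
unlink($file);
```

Without the escaping and the anchors, a rule written for one address would also match neighbouring addresses that share its prefix, and visitors who never tripped the filter would be locked out.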
The official plugin repository has quite good documentation. It does work from our tests on IBM Cloud PaaS. If you face any astonishing error, please let us know so that we can add it to help other users. Fail2Ban is really powerful and widely used. The developer did great work by porting it.