[DEFAULT] # Ban IPs for 1 hour (3600 seconds) bantime = 3600 # Look back window: 1 hour (catches slow-scanners spacing attempts >10 min) findtime = 3600 # Ban after 5 failed attempts maxretry = 5 # Use systemd backend on RHEL/AlmaLinux 9 backend = systemd destemail = root@localhost sendername = Fail2Ban [sshd] enabled = true port = ssh,2222 filter = sshd maxretry = 5 bantime = 3600 findtime = 3600 # WordPress wp-login.php brute force protection [wordpress-auth] enabled = true filter = wordpress-auth port = http,https logpath = /var/log/nginx/access.log /var/log/httpd/access_log /var/log/apache2/access.log maxretry = 5 bantime = 3600 findtime = 3600 # Joomla administrator login protection [joomla-auth] enabled = true filter = joomla-auth port = http,https logpath = /var/log/nginx/access.log /var/log/httpd/access_log /var/log/apache2/access.log maxretry = 5 bantime = 3600 findtime = 3600 # Recidive: ban repeat offenders for 1 week # Triggered when an IP gets banned 3+ times within 12 hours [recidive] enabled = true filter = recidive logpath = /var/log/fail2ban.log banaction = iptables-allports bantime = 604800 findtime = 43200 maxretry = 3