Estou recebendo uma tonelada de falha, uma tonelada de falha de acesso:
185.103.252.174 - - [28/Apr/2016:15:09:16 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
173.246.56.51 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
185.103.252.173 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
23.226.36.2 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
23.226.36.2 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
185.103.252.173 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
148.251.184.222 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
148.251.184.222 - - [28/Apr/2016:15:09:17 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
148.251.184.222 - - [28/Apr/2016:15:09:18 -0400] "POST /xmlrpc.php HTTP/1.1" 499 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
Meu /etc/fail2ban/filter.d/wordpress-auth.conf :
[Definition]
failregex = <HOST>.*POST.*xmlrpc\.php.* 499
No meu /etc/fail2ban/jail.conf :
[wordpress]
enabled = true
port = http,https
filter = wordpress-auth
logpath = /var/log/nginx/access.log
maxretry = 3
bantime = 86400
Reiniciei o fail2ban, mas não estou vendo nenhum [wordpress] no meu /var/log/fail2ban.log . O que estou fazendo errado?
Tudo bem, parece que está funcionando, só demorou a reagir aos logs.