Question
Block Countries using UFW or Fail2Ban? Or Block IP if login failed & outside exempt countries?
- Posted on September 24, 2022
- ApacheDigitalOcean Cloud FirewallsSecurityUbuntu 22.04WordPress
Asked by twc8ac35a8636
Hi I am using the WordPress One-Click Install and the WPf2b dashboard shows IPs that aren’t the target audience (United Kingdom). These IPs are from Singapore, India, Thailand and USA -
Date/Time Priority Message
2022-09-24 18:39:46 Z Notice Authentication attempt for unknown user admin from 151.106.116.118
2022-09-24 18:31:38 Z Notice Authentication attempt for unknown user admin from 209.182.195.110
2022-09-24 18:20:25 Z Notice Authentication attempt for unknown user admin from 167.71.234.124
2022-09-24 18:14:56 Z Notice Authentication attempt for unknown user admin from 165.22.109.42
2022-09-24 18:06:39 Z Notice Authentication attempt for unknown user admin from 202.29.236.140
Ideally is it possible the DigitalOcean Fail2Ban filters [wordpress-soft] & [wordpress-hard] permanently ban IPs that are not in the United Kingdom? Please can someone advise how to implement?
Or would it be best to block all these countries to save resources? And potentially stop the website being hacked? If yes, how? Should this be done using UFW or Fail2ban?
My concern with a blanket country ban is it might have negative SEO effects and block a genuine customer.
It’s irritating seeing so many bots trying to hack the website. Wouldn’t it just be best to blanket ban the country they are coming from?
My setup is Ubuntu 22.04.1 LTS Apache 2.4.
Any advice is much appreciated.
Thank you
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hello there,
The WordPress image that we provide for the 1-click marketplace application includes Fail2ban installed from the default distribution repositories as well as the WordPress Fail2ban plugin that provides integration with WordPress’ authentication system.
These are shipped in the default configuration provided by the WordPress plugin. This configuration should be plenty adequate for most droplets running WordPress but can be further modified and the configuration changed if needed or if you are running additional services that aren’t included in the default configuration.
On another note, you can use CSF to block IPs.
CSF is extremely easy to use and configure.
To block an IP address or range just use:
We also have a tutorial which you can check here:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu
Regards
Hello, @twc8ac35a8636
You can do this using
CSF(ConfigServer Firewall) as well. In order to block a country, you can use theCC_DENYoption which accepts two-letter country codes such as the US, GB and etc.In order to list more than one country you just need to separate them using commas:
CC_DENY = "AB,CD,EF"You may find a list of ISO 3166-1 alpha-2 code at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
If you’re not familiar with CSF or you want to install it on CentOS or Ubuntu droplet check out this mini tutorial:
For CentOS:
https://www.digitalocean.com/community/questions/how-to-install-and-configure-config-server-firewall-csf-on-centos
and for Ubuntu:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu
Hope this helps!
Hello,
I’ve personally done this in the past by using CSF rather than UFW. There is an option in the CSF config that allows you to block specific countries by adding the country code in the CCDENY list in CSF.
How to install and Configure Config Server Firewall (CSF) on CentOS
For Ubuntu use How To Install and Configure Config Server Firewall (CSF) on Ubuntu
Another method would be to use CloudFlare and block the traffic through there. The good thing of doing this is that the traffic would be filtered even before it reaches your server.
Generally speaking, blocking a country would not really prevent a hacker from accessing your website, as they could use a VPN or a proxy server. It is best to keep your website up to date with all of the latest security patches. I would recommend following the steps from this tutorial here on how to secure your WordPress website:
https://www.digitalocean.com/community/questions/how-to-secure-wordpress-without-a-security-plugin
Hope that this helps!
Regards,
Bobby