v5b1: Updated fail2ban Filters[Comments]
- Moved "Authentication attempt for unknown user" to wordpress-soft.conf
- The hard filter is intended catch things that are never good, and to ban the IP immediately.
When I first added the rule to catch login attempts with an unknown username, I put it in the hard filter as that’s what made sense at the time; back then, WP fail2ban users didn't get their username wrong.
In v5 I’ve moved it to the soft filter as that’s what makes sense now - things change.
There should now be no reason not to have maxretry = 1 in your wordpress-hard jail.
- Moved "extra" Comment messages to wordpress-soft.conf
- The "comment-extra" messages were a successful experiment.
By standardising the messages they've been condensed to a single rule; with essentially no performance penalty, they can now be included in the the soft filter.