
Typo3-fail2ban

You cannot have enough security for your own CMS. Typo3 security can be enhanced with fail2ban to reduce the risk of brute-forcing. That's how it works:

Install fail2ban on your web server as root.

Add the following lines to your jail.conf:

[apache-typo3]
enabled = true
port = http,https
filter = apache-typo3
logpath = /var/log/apache*/*access.log
maxretry = 7
findtime = 3600
bantime = 7200

Create the filter apache-typo3

(that is a file named apache-typo3.conf in fail2ban's subfolder filter.d)
The file has to have at least the following contents:

[Definition]
failregex = ^<HOST> -.*GET.*/login-alert-error\.gif
            ^<HOST> -.*POST.*/typo3/index\.php
ignoreregex =

To make it easy, download a ready-to-go file here.

How does that work?

Fail2ban checks the given file (here Apache's access.log) for changes in short time cycles. When logging in, the page /typo3/index.php is called and the account information is posted from there. If the login fails, the image login-alert-error.gif is shown, and on further login attempts the parameters are posted again from that page.

With the configuration above I decided that one of these events may appear 7 times (maxretry) within one hour (findtime 3600). If it happens one more time, the IP address is banned for 2 hours (bantime 7200).

The parameters maxretry, findtime and bantime can be set to whatever you think is useful, but:
Do not set maxretry < 4. The first failure will post the login parameters and get the image, so 2 events are already used up. You need the third event for your next attempt.
So my tip: set maxretry >= 5!

Hint for multi-user

Even a successful login needs one attempt. So if you use Typo3 with several users, set maxretry at least to the number of users, adding a few tries for login failures.
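As an added example (not part of this post), the following Python script applies the two failregex lines of the filter to constructed Apache access-log lines and replays fail2ban's maxretry/findtime counting. It shows that every failed login produces two matches (the POST and the GET of the image), which is why a low maxretry bites so quickly, and that the POST line of a successful login is counted as well, which is the multi-user point above. The gif path, addresses and timestamps are made up.

```python
import re
from datetime import datetime, timedelta

# The two failregex lines of the apache-typo3 filter, with fail2ban's <HOST>
# tag expanded to a named group that captures the client address.
FAILREGEX = [
    re.compile(r"^(?P<host>\S+) -.*GET.*/login-alert-error\.gif"),
    re.compile(r"^(?P<host>\S+) -.*POST.*/typo3/index\.php"),
]
TIMESTAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2})")
LOG_TIME = "%d/%b/%Y:%H:%M:%S"

def failed_login_lines(host, n, first_time=datetime(2024, 1, 1, 12, 0, 0)):
    """Constructed access-log lines for n failed Typo3 logins from host, 30 s
    apart. Each failure is a POST to /typo3/index.php followed by the GET of
    the error image (path is made up), so it hits the filter twice."""
    lines = []
    for i in range(n):
        when = (first_time + timedelta(seconds=30 * i)).strftime(LOG_TIME)
        lines.append(f'{host} - - [{when} +0000] "POST /typo3/index.php HTTP/1.1" 200 1532')
        lines.append(f'{host} - - [{when} +0000] "GET /typo3/login-alert-error.gif HTTP/1.1" 200 1016')
    return lines

def matches(line):
    """Return the client address if the line hits any failregex, else None."""
    for rx in FAILREGEX:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def banned_hosts(lines, maxretry=7, findtime=3600):
    """Replay the log as fail2ban does: a host is banned once maxretry matches
    fall inside a sliding window of findtime seconds."""
    recent, banned = {}, set()
    for line in lines:
        host = matches(line)
        if host is None:
            continue
        t = datetime.strptime(TIMESTAMP.search(line).group(1), LOG_TIME)
        window = [x for x in recent.get(host, []) if t - x <= timedelta(seconds=findtime)]
        window.append(t)
        recent[host] = window
        if len(window) >= maxretry:
            banned.add(host)
    return banned
```

Against a real log, `fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/apache-typo3.conf` performs the same matching check with fail2ban's own regex engine, which is the quickest way to confirm the filter fires on your server's log format before enabling the jail.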
