This is a very rough guide to be used only as guidance when setting up fail2ban. This simple setup should work on a low traffic server.
1. Install fail2ban
sudo apt-get update
sudo apt-get install fail2ban
2. Add a filter
Create a file called
On this file add:
[Definition] failregex = ^<HOST> .*POST .*xmlrpc\.php.* ignoreregex =
3. Enable the filter
On this file add the following:
[apache-xmlrpc-access] enabled = true port = http,https filter = apache-xmlrpc logpath = /var/log/apache*/*access.log maxretry = 6
You can change the maxretry set your log path.
4. Finish up by restarting fail2ban
sudo service fail2ban restart