We are using application load balancer in front of a wordpress server hosted on aws ec2. Here we are using woocommerce plugin in wordpress site and found some suspicious activity from a IP which we want to block. So is there any way to do that using any tools. I know fail2ban however I can't use it since fail2ban does log analysis for blocking IP's and the IP isn't listed in any of the logs. Can anyone help with this one.
Asked
Active
Viewed 177 times
0
-
look at insecurity tools – Jacob Evans Jul 31 '17 at 16:40
2 Answers
1
WordFence comes to find first, it'll block most things right away. I always use it with WP, it's an easy to install, free plugin. Very comprehensive. But I also always use Fail2Ban. Giving up on it just because the IP isn't logged it a cop-out, you should instead ensure it IS getting logged. Logs are your best friend for security.
Lastly, if it really is just one IP you know for sure you want to block, then of course IPTables is easy, or better yet, in your AWS EC2 Security Group you can block any such IP address too.
Snort NIDS/IDS is another good tool.
JayMcTee
- 3,923
- 1
- 13
- 22
0
You might want to use the AWS WAF (web application firewall) along with the application load balancer. You can filter requests using the IP addresses and block other malicious requests as well such as sql injection.
You may refer to this reference on how to use it for filtering IP addresses.
Carlo Miguel Cruz
- 431
- 4
- 12