Typo3-fail2ban
Taken from here: http://www.illutzminator.de/typo3-fail2ban.html?&L=1
You cannot have enough security for your own CMS. Typo3 security can be enhanced with fail2ban to reduce the risk of brute-force attacks on the backend login.
Here’s what to do:
Install fail2ban on your web server as root.
Add the following lines to your jail.conf:
[apache-typo3]
enabled = true
port = http,https
filter = apache-typo3
logpath = /var/log/apache*/*access.log
maxretry = 7
findtime = 3600
bantime = 7200
Create the filter apache-typo3
(that is a file named apache-typo3.conf in fail2ban's filter.d subfolder).
The file has to have at least the following contents:
[Definition]
failregex = ^<HOST> -.*GET.*/login-alert-error\.gif
            ^<HOST> -.*POST.*/typo3/index\.php
ignoreregex =
To make it easy, download a ready-to-go file here.
How does that work?
Fail2ban checks the given file (here Apache's access.log) for changes in short time cycles. When logging in, the page /typo3/index.php is called and the account information is posted from there. If the login fails, the image login-alert-error.gif is shown, and on every further login attempt the parameters are posted again from that page.
With the configuration above I decided that one of these events may appear 7 times (maxretry) within one hour (findtime 3600). If it happens one more time, the IP address is banned for 2 hours (bantime 7200).
The parameters maxretry, findtime and bantime can be set to whatever you think useful, but:
Do not set maxretry < 4. The first failed login already posts the login parameters and fetches the image, so two events are used up. The third event is your next attempt.
So my tip: set maxretry >= 5!
Hint for multi-user setups
Even a successful login needs one attempt. So if you use Typo3 with several users, set maxretry to at least the number of users, adding a few tries for login failures.
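To see how the two failregex lines and the maxretry/findtime counting described above play out on real-looking log lines, here is an added example (not part of the original article or of fail2ban) that applies the filter to a constructed Apache access log and reports which hosts would be banned. It assumes a simplified expansion of fail2ban's <HOST> placeholder and a plain sliding window instead of fail2ban's ticket bookkeeping; fail2ban bans once the number of matches inside findtime reaches maxretry.

```python
import re
from datetime import datetime, timedelta

# The two failregex lines from apache-typo3.conf with fail2ban's <HOST>
# expanded. Assumption: simplified host pattern (fail2ban's own expansion
# also strips an IPv4-mapped IPv6 prefix).
HOST = r"(?P<host>[\w\-.^_]*\w)"
FAILREGEX = [
    re.compile(r"^" + HOST + r" -.*GET.*/login-alert-error\.gif"),
    re.compile(r"^" + HOST + r" -.*POST.*/typo3/index\.php"),
]
# Apache access-log timestamp, e.g. [10/Oct/2023:13:55:36 +0000]
TIMESTAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")

def failures(lines):
    """Yield (host, time) for every log line one of the failregex matches."""
    for line in lines:
        for rx in FAILREGEX:
            m = rx.match(line)
            if m:
                ts = TIMESTAMP.search(line).group(1)
                yield m.group("host"), datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S")
                break  # a line counts once even if both regexes match

def banned_hosts(lines, maxretry=7, findtime=3600):
    """Hosts with >= maxretry matches inside a sliding findtime window
    (simplified: fail2ban keeps per-host tickets, this prunes a time list)."""
    window = timedelta(seconds=findtime)
    recent, banned = {}, set()
    for host, ts in failures(lines):
        hits = [t for t in recent.get(host, []) if ts - t <= window] + [ts]
        recent[host] = hits
        if len(hits) >= maxretry:
            banned.add(host)
    return banned

# Constructed sample: 203.0.113.5 fails the TYPO3 backend login twice (each
# failure = POST + error image = 2 events); 198.51.100.7 logs in successfully
# once (1 event). The gif path here is constructed, not TYPO3's real one.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /typo3/index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /typo3/login-alert-error.gif HTTP/1.1" 200 321',
    '203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "POST /typo3/index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:56:03 +0000] "GET /typo3/login-alert-error.gif HTTP/1.1" 200 321',
    '198.51.100.7 - - [10/Oct/2023:13:57:00 +0000] "POST /typo3/index.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [10/Oct/2023:13:57:01 +0000] "GET /typo3/index.php HTTP/1.1" 200 4096',
]
if __name__ == "__main__":
    print("maxretry=3 ->", banned_hosts(SAMPLE_LOG, maxretry=3))  # {'203.0.113.5'}
    print("maxretry=5 ->", banned_hosts(SAMPLE_LOG, maxretry=5))  # set()
```

With maxretry=3 the second failed login is already the third event and triggers the ban, which is the reason for the "maxretry >= 5" advice above; the successful login counts as a single event.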