Improve filtering of unsuccessful login attempts
Yesterdays deadlock was very probably related (also) to quite a high attack rate:
ar 19 00:21:24 panda docker-compose[20137]: #033[33mapp_1 |#033[0m 192.168.224.4 - 18/Mar/2019:23:21:24 +0000 "POST /wp-login.php" 200 │
│Mar 19 00:21:24 panda docker-compose[20137]: #033[32mweb_1 |#033[0m 172.18.0.34 - - [18/Mar/2019:23:21:24 +0000] "POST /wp-login.php HTTP/1.1" 200 1839 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" │
│Mar 19 00:21:26 panda docker-compose[20137]: #033[33mapp_1 |#033[0m 192.168.224.4 - 18/Mar/2019:23:21:25 +0000 "GET /wp-login.php" 200 │
│Mar 19 00:21:26 panda docker-compose[20137]: #033[32mweb_1 |#033[0m 172.18.0.34 - - [18/Mar/2019:23:21:26 +0000] "GET /wp-login.php HTTP/1.1" 200 1444 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" │
│Mar 19 00:21:27 panda docker-compose[20137]: #033[33mapp_1 |#033[0m 192.168.224.4 - 18/Mar/2019:23:21:27 +0000 "POST /wp-login.php" 200 │
│Mar 19 00:21:27 panda docker-compose[20137]: #033[32mweb_1 |#033[0m 172.18.0.34 - - [18/Mar/2019:23:21:27 +0000] "POST /wp-login.php HTTP/1.1" 200 1837 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" │
│Mar 19 00:21:28 panda docker-compose[20137]: #033[33mapp_1 |#033[0m 192.168.224.4 - 18/Mar/2019:23:21:28 +0000 "GET /wp-login.php" 200 │
│Mar 19 00:21:28 panda docker-compose[20137]: #033[32mweb_1 |#033[0m 172.18.0.34 - - [18/Mar/2019:23:21:28 +0000] "GET /wp-login.php HTTP/1.1" 200 1444 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" │
│Mar 19 00:21:28 panda docker-compose[546]: #033[33mapp_1 |#033[0m 192.168.64.4 - 18/Mar/2019:23:21:28 +0000 "GET /xmlrpc.php" 405 │
│Mar 19 00:21:28 panda docker-compose[546]: #033[32mweb_1 |#033[0m 172.18.0.34 - - [18/Mar/2019:23:21:28 +0000] "GET /xmlrpc.php HTTP/1.1" 405 53 "-" "Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1" │
│Mar 19 00:21:29 panda docker-compose[546]: #033[33mapp_1 |#033[0m 192.168.64.4 - 18/Mar/2019:23:21:29 +0000 "GET /xmlrpc.php" 405 │
│Mar 19 00:21:29 panda docker-compose[546]: #033[32mweb_1 |#033[0m 172.18.0.34 - - [18/Mar/2019:23:21:29 +0000] "GET /xmlrpc.php HTTP/1.1" 405 53 "-" "Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1" │
│Mar 19 00:21:29 panda docker-compose[20137]: #033[33mapp_1 |#033[0m 192.168.224.4 - 18/Mar/2019:23:21:29 +0000 "POST /wp-login.php" 200 │
│Mar 19 00:21:29 panda docker-compose[20137]: #033[32mweb_1 |#033[0m 172.18.0.34 - - [18/Mar/2019:23:21:29 +0000] "POST /wp-login.php HTTP/1.1" 200 1838 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" │
│Mar 19 00:21:29 panda docker-compose[546]: #033[33mapp_1 |#033[0m 192.168.64.4 - 18/Mar/2019:23:21:29 +0000 "GET /index.php" 200
A better blacklisting of such brute forcing IPs is in need.