Following up on this: https://wordpress.org/support/topic/banning-prematurely-when-accessing-multisite/
Here are the logs where I got banned:
2020-06-01 13:56:21,401 fail2ban.filter [965]: INFO [sshd] Found 176.98.91.211 - 2020-06-01 13:56:21
2020-06-01 14:31:21,861 fail2ban.filter [965]: INFO [sshd] Found 60.216.46.77 - 2020-06-01 14:31:21
2020-06-01 16:00:29,182 fail2ban.filter [965]: INFO [sshd] Found 70.184.171.228 - 2020-06-01 16:00:29
2020-06-01 16:00:29,287 fail2ban.filter [965]: INFO [sshd] Found 70.184.171.228 - 2020-06-01 16:00:29
2020-06-01 18:04:44,806 fail2ban.filter [965]: INFO [sshd] Found 178.128.84.157 - 2020-06-01 18:04:44
2020-06-01 18:25:55,393 fail2ban.filter [965]: INFO [sshd] Found 118.173.12.35 - 2020-06-01 18:25:54
2020-06-01 18:25:58,576 fail2ban.filter [965]: INFO [sshd] Found 113.161.39.20 - 2020-06-01 18:25:58
2020-06-01 18:33:53,372 fail2ban.filter [965]: INFO [sshd] Found 85.214.164.251 - 2020-06-01 18:33:53
2020-06-01 19:11:31,138 fail2ban.filter [965]: INFO [sshd] Found 141.98.81.84 - 2020-06-01 19:11:30
2020-06-01 19:11:33,933 fail2ban.filter [965]: INFO [sshd] Found 141.98.81.99 - 2020-06-01 19:11:33
2020-06-01 19:11:38,550 fail2ban.filter [965]: INFO [sshd] Found 141.98.81.108 - 2020-06-01 19:11:38
2020-06-01 19:11:43,017 fail2ban.filter [965]: INFO [sshd] Found 141.98.81.81 - 2020-06-01 19:11:43
2020-06-01 19:11:46,821 fail2ban.filter [965]: INFO [sshd] Found 141.98.81.83 - 2020-06-01 19:11:46
2020-06-01 19:11:48,743 fail2ban.filter [965]: INFO [sshd] Found 141.98.81.84 - 2020-06-01 19:11:48
2020-06-01 19:11:53,196 fail2ban.filter [965]: INFO [sshd] Found 141.98.81.107 - 2020-06-01 19:11:52
2020-06-01 19:11:54,879 fail2ban.filter [965]: INFO [sshd] Found 141.98.81.108 - 2020-06-01 19:11:54
2020-06-01 19:11:57,882 fail2ban.filter [965]: INFO [sshd] Found 141.98.81.81 - 2020-06-01 19:11:57
2020-06-01 19:36:51,949 fail2ban.filter [965]: INFO [sshd] Found 141.98.9.157 - 2020-06-01 19:36:51
2020-06-01 19:36:55,344 fail2ban.filter [965]: INFO [sshd] Found 141.98.9.159 - 2020-06-01 19:36:55
2020-06-01 19:37:00,928 fail2ban.filter [965]: INFO [sshd] Found 141.98.9.160 - 2020-06-01 19:37:00
2020-06-01 19:37:02,939 fail2ban.filter [965]: INFO [sshd] Found 141.98.9.161 - 2020-06-01 19:37:02
2020-06-01 19:37:08,096 fail2ban.filter [965]: INFO [sshd] Found 141.98.9.137 - 2020-06-01 19:37:08
2020-06-01 19:37:10,234 fail2ban.filter [965]: INFO [sshd] Found 141.98.9.157 - 2020-06-01 19:37:10
2020-06-01 19:37:16,996 fail2ban.filter [965]: INFO [sshd] Found 141.98.9.160 - 2020-06-01 19:37:16
2020-06-01 19:37:20,521 fail2ban.filter [965]: INFO [sshd] Found 141.98.9.161 - 2020-06-01 19:37:20
2020-06-01 19:37:24,323 fail2ban.filter [965]: INFO [sshd] Found 141.98.9.156 - 2020-06-01 19:37:24
2020-06-01 19:37:28,068 fail2ban.filter [965]: INFO [sshd] Found 141.98.9.137 - 2020-06-01 19:37:28
2020-06-01 20:26:39,478 fail2ban.filter [965]: INFO [wordpress-hard] Found 73.96.174.243 - 2020-06-01 20:26:39
2020-06-01 20:26:39,536 fail2ban.actions [965]: NOTICE
Before doing that, I deployed monthly updates, which happens via Laravel Forge. It does this via the following:
cd /home/forge/www.example.com
git pull origin master
composer install --no-interaction --prefer-dist --optimize-autoloader --no-dev
echo "" | sudo -S service php7.3-fpm reload
And that all happens from a Forge IP, so shouldn’t bother me any. Then I simply went to example.com/wp-admin to try and log in. The login form appeared, but all stylesheets and JS were broken (I assume due to the ban – I never even put in a username/password). Upon refresh, I was blocked entirely.
Should I verify that the fail2ban confs are up-to-date? I don’t know how often you change those.
Also, once I’m unbanned, I can log in without issue.