fail2ban and joomla error logs matching problem


I can't match Joomla's error.php lines with fail2ban regex. I suspect it might be related to the date and time format used in the log file or the amount of whitespace in the error line. Do you have an idea how to add a custom date/time format definition somewhere in fail2ban?

Log line:

2013-05-28      06:25:39        INFO    1.2.3.4 Joomla FAILURE:         Username and password do not match or you do not have an account yet.

With fail2ban-regex I have tried everything from the most general wildcards to copy-pasting the exact line, but nothing matches. Try, for example:

fail2ban-regex "2013-05-28      06:25:39        INFO    1.2.3.4 Joomla FAILURE:         Username and password do not match or you do not have an account yet." "^.*<HOST>.*FAILURE"

Installed Packages
Name : fail2ban
Arch : noarch
Version : 0.9.6
Release : 1.el6.1


There are 1 best solutions below


Problem 1 is that you need a regex that continues to the end of the line. Your log file doesn't end in FAILURE.

Second, you need to be a lot more strict with your regex. Fail2ban's guide on FILTERS shows how this can lead to a DoS, as your regex will expose you to.

To help you work out a stricter regex, use the fail2ban-regex -D option and interactively make this into a strict regex.
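
The strictness point in the answer above, as an added example that is not part of the original answer or of fail2ban: it compares the question's wildcard regex with an anchored one on two constructed log lines and reports which address each would select for banning. Assumptions: `HOST` is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, `TIMESTAMP` is a stand-in for fail2ban removing the matched date before applying the failregex, and `STRICT`, `matched_host` and the `SPOOFED` line are hypothetical.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real expansion also accepts hostnames and IPv6).
HOST = r"\b(?P<host>\d{1,3}(?:\.\d{1,3}){3})\b"
# Stand-in for fail2ban's date detection, which strips the timestamp
# before the failregex is applied (not fail2ban's own code).
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}")

LAX = r"^.*<HOST>.*FAILURE"  # regex from the question
# Hypothetical strict filter: anchored at both ends, fixed field order,
# \s+ between fields so tabs or runs of spaces both match.
STRICT = (r"^\s*INFO\s+<HOST>\s+Joomla FAILURE:\s+Username and password do not "
          r"match or you do not have an account yet\.\s*$")


def matched_host(failregex, line):
    """Return the address the regex would select for this line, or None."""
    rest = TIMESTAMP.sub("", line, count=1)
    m = re.search(failregex.replace("<HOST>", HOST), rest)
    return m.group("host") if m else None


# Constructed sample mirroring the log line in the question (tab separated).
GENUINE = ("2013-05-28\t06:25:39\tINFO\t1.2.3.4\tJoomla FAILURE:\t"
           "Username and password do not match or you do not have an account yet.")
# Constructed, hypothetical line: the client is 1.2.3.4, but free text later
# in the line carries a second address followed by the word FAILURE.
SPOOFED = ("2013-05-28\t06:26:02\tINFO\t1.2.3.4\tJoomla NOTICE:\t"
           "login name '203.0.113.9 Joomla FAILURE' rejected")

if __name__ == "__main__":
    for name, rx in (("lax", LAX), ("strict", STRICT)):
        for label, line in (("genuine", GENUINE), ("spoofed", SPOOFED)):
            print(f"{name:6} {label:8} -> {matched_host(rx, line)}")
```

The wildcard regex picks the address from the free text in the second line rather than the client field, which is the denial-of-service risk the answer refers to; the anchored regex ignores that line entirely.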