--- /etc/fail2ban/jail.conf.orig 2012-12-24 18:47:48.000000000 +0100
+++ /etc/fail2ban/jail.conf 2013-07-29 14:50:56.000000000 +0200
@@ -176,6 +176,17 @@
 filter = apache-overflows
 logpath = /var/log/apache*/*error.log
 maxretry = 2
+[php-auth]
+
+enabled = true
+port = http,https
+action = %(action_mwl)s
+filter = php-auth
+logpath = /var/log/auth.log
+#logpath = /var/log/apache*/*error.log
+#logpath = /var/log/uwsgi/app/*.log
+maxretry = 10
+
 #
 # FTP servers
 #
--- /dev/null 2013-07-22 15:44:45.120000001 +0200
+++ /etc/fail2ban/filter.d/php-auth.conf 2013-07-29 12:40:32.000000000 +0200
@@ -0,0 +1,24 @@
+# Fail2Ban configuration file
+#
+# Author: Walter Doekes
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failure messages in the logfile. The
+# host must be matched by a group named "host". The tag "" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P[\w\-.^_]+)
+# Values: TEXT
+#
+# apache2: [Sun Feb 27 20:17:39 2011] [error] [php] Failed login for test2 from 1.2.3.4 port 53425 (Host: www.example.com)
+# authlog: Mar 26 11:49:34 datezeker uwsgi[14916]: [php] Failed login for test2 from 1.2.3.4 port 48427 (Host: www.example.com)
+failregex = ^.*[[]php[]] Failed login for .* from port .*
+
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
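Review bot: The new `[php-auth]` section is added to the packaged `/etc/fail2ban/jail.conf`, which a package upgrade may replace; placing it in `/etc/fail2ban/jail.local` would keep the jail across upgrades. The active `logpath = /var/log/auth.log` is a file other daemons also write to, so this jail relies entirely on the `php-auth` filter rejecting lines that do not come from the PHP application. The section sets no `findtime` or `bantime`, so what `maxretry = 10` means in practice depends on `[DEFAULT]`; a comment such as `# PHP app reports failed logins via syslog; findtime/bantime inherited from [DEFAULT]` above `maxretry` would record that.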
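Review bot: The `failregex` puts every client-supplied field inside an unanchored `.*` (the leading `^.*`, the user name, and everything after `port`, including the `Host:` value), so text a client controls can influence which address the host group captures, and with `/var/log/auth.log` as the log file, lines from other daemons can match as well. Pin the syslog tag, constrain each field and anchor the end, for example `failregex = uwsgi\[\d+\]: \[php\] Failed login for \S+ from <HOST> port \d+ \(Host: \S*\)$`; this assumes user names contain no whitespace, otherwise the application should escape them before logging. As displayed here the pattern reads `from port` and the notes read `The tag ""`, so the `<HOST>` tag appears to have been lost in rendering; without it fail2ban has no host group to act on.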