Als regexpression funltioniert:^\[.*]* \[client <HOST>:[0-9]+\] mod_fcgid: stderr: user .* joomla authentication failure, referer: .*
Testen:
fail2ban-regex /var/log/ispconf/httpd/uwhh.de/error.log /etc/fail2ban/filter.d/joomla-error.conf
fail2ban-client reload