Fend off Brute Force Attacks with Fail2ban

For root servers running Linux

Fail2ban is a program for Linux that detects and blocks brute-force attacks.

Fail2ban monitors the log files of various services (e.g. SSH, FTP). After too many failed attempts, the attacking IP address is blocked for a certain period of time so that it cannot establish further connections.
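
A simplified model of the mechanism described above, as an added example that is not part of the original page and not Fail2ban's own code: it counts failed SSH logins per IP address and bans an address once it reaches maxretry failures within findtime seconds. The log lines are constructed, and the parameters are named after Fail2ban's maxretry, findtime and bantime options with illustrative values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges, simplified timestamps).
SAMPLE_LOG = """\
2024-05-01T10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
2024-05-01T10:00:05 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
2024-05-01T10:00:09 host sshd[813]: Accepted publickey for deploy from 198.51.100.20 port 51515 ssh2
2024-05-01T10:00:12 host sshd[814]: Failed password for root from 203.0.113.7 port 40141 ssh2
2024-05-01T10:02:00 host sshd[815]: Failed password for alice from 198.51.100.20 port 51600 ssh2
2024-05-01T10:30:00 host sshd[816]: Failed password for alice from 198.51.100.20 port 51777 ssh2
2024-05-01T10:59:00 host sshd[817]: Failed password for alice from 198.51.100.20 port 51888 ssh2
"""

# Timestamp, then the source address of a failed password attempt.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) "
)

def find_bans(log_text, maxretry=3, findtime=600, bantime=3600):
    """Return {ip: (ban_start, ban_end)} for IPs with maxretry failures inside findtime seconds."""
    window = timedelta(seconds=findtime)
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue                # address is still banned
        recent = failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()        # drop failures older than the findtime window
        if len(recent) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            recent.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} from {start} until {end}")
```

With the default values only 203.0.113.7 is banned; the three failures from 198.51.100.20 are spread over almost an hour and never fall inside one findtime window.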


Example installation on Debian and Ubuntu:

sudo apt-get install fail2ban


If you want to use Fail2ban with settings that differ from the default configuration (/etc/fail2ban/jail.conf), create the file /etc/fail2ban/jail.local and enter the desired settings there. These settings then override the corresponding values in jail.conf.

Please note: Avoid changing settings in the jail.conf file, as this may cause problems with future fail2ban updates. Enter your changes in the jail.local file as described here.

Step 1

Create the file /etc/fail2ban/jail.local, for example as a copy of jail.conf:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local