Fend off Brute Force Attacks with Fail2ban

Please Note:

The text on this page was translated by translation software. A revised version from our editors will be available soon.

For root servers with Linux operating system

Fail2Ban is a program for Linux that detects and blocks brute-force attacks.

Fail2ban monitors the entries in the log files of the various services (e.g. SSH, FTP). Too many failed attempts result in the attacking IP address being blocked for a certain period of time so that no further connections are established.


Example for installation under Debian and Ubuntu:

sudo apt-get install fail2ban


If you want to use fail2ban with settings that differ from the default configuration (/etc/fail2ban/jail.conf), you can create the file /etc/fail2ban/jail.local for this purpose and enter the desired settings there. These then overwrite the respective values of jail.conf.

Please note: Avoid changing settings in the jail.conf file, as this may cause problems with future fail2ban updates. Enter your changes in the jail.local file as described here.

Step 1

Create the file /etc/fail2ban/jail.local, for example as a copy of jail.conf:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 

Did this article help you?

Your feedback helps us to further improve our services. To leave feedback, log in to your IONOS account by clicking on the login button at the top right. You can then submit a rating below the article.