Fend off Brute Force Attacks with Fail2ban
The text on this page was translated by translation software. A revised version from our editors will be available soon.
For root servers with Linux operating system
Fail2Ban is a program for Linux that detects and blocks brute-force attacks.
Fail2ban monitors the entries in the log files of the various services (e.g. SSH, FTP). Too many failed attempts result in the attacking IP address being blocked for a certain period of time so that no further connections are established.
Example for installation under Debian and Ubuntu:
sudo apt-get install fail2ban
If you want to use fail2ban with settings that differ from the default configuration (/etc/fail2ban/jail.conf), you can create the file /etc/fail2ban/jail.local for this purpose and enter the desired settings there. These then overwrite the respective values of jail.conf.
Please note: Avoid changing settings in the jail.conf file, as this may cause problems with future fail2ban updates. Enter your changes in the jail.local file as described here.
Create the file /etc/fail2ban/jail.local, for example as a copy of jail.conf:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local