Fail2ban: Brute Force Protection
Fail2ban monitors your server logs and automatically blocks IPs that make repeated failed login attempts. It's one of the most important basic security tools for any server exposed to the internet.
Installation
# Debian/Ubuntu
apt install fail2ban -y
# CentOS/AlmaLinux
dnf install fail2ban -y
# Enable and start
systemctl enable fail2ban
systemctl start fail2ban
Configuration
Fail2ban uses configuration files in /etc/fail2ban/. Never modify jail.conf directly. Instead, create jail.local, whose settings take precedence:
nano /etc/fail2ban/jail.local
Recommended base configuration:
[DEFAULT]
# Ban for 1 hour (3600 seconds)
bantime = 3600
# Count failed attempts within the last 10 minutes (600 seconds)
findtime = 600
# Ban after 5 failed attempts
maxretry = 5
# Email notifications (optional)
# destemail = admin@example.com
# action = %(action_mwl)s
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3
[nginx-http-auth]
enabled = true
[nginx-botsearch]
enabled = true
port = http,https
logpath = %(nginx_error_log)s
maxretry = 2
After modifying the configuration, restart the service:
systemctl restart fail2ban
Useful Commands
Check Status
fail2ban-client status
View Banned IPs in a Jail
fail2ban-client status sshd
Unban an IP
fail2ban-client set sshd unbanip IP_TO_UNBAN
Manually Ban an IP
fail2ban-client set sshd banip IP_TO_BAN
View Fail2ban Logs
tail -f /var/log/fail2ban.log
Protect Other Services
WordPress / Web Login
[nginx-wordpress]
enabled = true
port = http,https
filter = nginx-wordpress
logpath = /var/log/nginx/access.log
maxretry = 5
findtime = 300
bantime = 3600
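The jail above names a filter, nginx-wordpress, that this page does not define; it must exist as /etc/fail2ban/filter.d/nginx-wordpress.conf. As an added illustration (not Fail2ban's own code and not part of the original page), the Python below models how this jail's maxretry = 5 and findtime = 300 would treat nginx access-log lines. The regular expression, the function names and the log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Thresholds taken from the [nginx-wordpress] jail on this page.
MAXRETRY = 5
FINDTIME = 300  # seconds

# Assumed pattern (the page gives no failregex): any POST to /wp-login.php in
# nginx "combined" log format. It also counts successful logins.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /wp-login\.php[^"]*" \d{3} '
)

def banned_hosts(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts, in ban order, with maxretry matches inside findtime seconds."""
    recent = defaultdict(deque)  # host -> timestamps still inside the window
    banned = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # GETs and other URLs are not failures
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        window = recent[m["host"]]
        window.append(ts)
        while ts - window[0] > findtime:  # drop matches older than findtime
            window.popleft()
        if len(window) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned

def _line(host, hhmmss, method="POST"):
    """Build one constructed access-log line (documentation-range addresses)."""
    return (f'{host} - - [12/Mar/2024:{hhmmss} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" 200 4321 "-" "example-agent"')

# Constructed sample input, not real traffic.
SAMPLE = (
    [_line("203.0.113.7", f"10:00:{s:02d}") for s in (1, 9, 17, 25, 33)]       # 5 POSTs in 32 s
    + [_line("198.51.100.20", f"10:{m:02d}:00") for m in (0, 6, 12, 18, 24)]  # 5 POSTs, 6 min apart
    + [_line("192.0.2.50", f"10:01:{s:02d}", "GET") for s in range(6)]        # page loads only
)

if __name__ == "__main__":
    print(banned_hosts(SAMPLE))
```

Because the assumed pattern counts every POST to the login page, an administrator who logs in repeatedly is counted too, which is why the ignoreip setting in the whitelist section matters.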
Postfix (Email)
[postfix]
enabled = true
port = smtp,465,submission
logpath = %(postfix_log)s
MySQL
[mysqld-auth]
enabled = true
port = 3306
logpath = %(mysql_log)s
Whitelist: Avoid Banning Yourself
Add your IP to the whitelist to avoid blocking yourself:
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 YOUR_PUBLIC_IP
If you're the only one accessing the server, always add your IP to the whitelist before enabling Fail2ban. Otherwise you risk banning yourself after too many failed login attempts.
