Fend off Brute Force Attacks with Fail2ban
For root servers running Linux
Fail2Ban is a program for Linux that detects and blocks brute-force attacks.
Fail2ban monitors the log files of various services (e.g. SSH, FTP). After too many failed attempts, the attacking IP address is blocked for a certain period of time so that it cannot establish further connections.
Installation
Example for installation under Debian and Ubuntu:
sudo apt-get install fail2ban
Configuration
If you want to use fail2ban with settings that differ from the default configuration (/etc/fail2ban/jail.conf), create the file /etc/fail2ban/jail.local and enter the desired settings there. These values then override the corresponding values in jail.conf.
Please note: Avoid changing settings in the jail.conf file, as this may cause problems with future fail2ban updates. Enter your changes in the jail.local file as described here.
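The following is an added example, not part of the original page or of fail2ban's own code: it compares a jail.local against jail.conf and lists the settings that jail.local actually overrides, which is useful for reviewing a local file before restarting the service. The function names parse and overrides are hypothetical, and the two file contents are constructed samples, not the shipped Debian files.

```python
import configparser

# Constructed sample input: a shortened stand-in for /etc/fail2ban/jail.conf.
JAIL_CONF = """\
[DEFAULT]
bantime = 600
findtime = 600
maxretry = 5

[sshd]
logpath = %(sshd_log)s
"""

# Constructed sample jail.local: two defaults changed, one jail switched on.
JAIL_LOCAL = """\
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3

[sshd]
enabled = true
logpath = %(sshd_log)s
"""

def parse(text):
    # interpolation=None keeps %(name)s references as raw text; strict=False
    # tolerates repeated sections or keys; renaming the default section makes
    # [DEFAULT] show up as an ordinary section that can be compared.
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       default_section="__none__")
    parser.read_string(text)
    return parser

def overrides(conf_text, local_text):
    """Return (section, key, jail.conf value, jail.local value) per change."""
    conf, local = parse(conf_text), parse(local_text)
    changed = []
    for section in local.sections():
        for key, new in local.items(section):
            old = conf.get(section, key, fallback=None)  # None: key is new
            if old != new:
                changed.append((section, key, old, new))
    return changed

if __name__ == "__main__":
    for section, key, old, new in overrides(JAIL_CONF, JAIL_LOCAL):
        print(f"[{section}] {key}: {old!r} -> {new!r}")
```

To run it against a real server, read the two files from /etc/fail2ban/ and pass their contents to overrides() in place of the sample strings.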
Step 1
Create the file /etc/fail2ban/jail.local, for example as a copy of jail.conf:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local