
Configure Fail2Ban against brute-force attacks

Install and configure Fail2Ban to block IPs attempting brute-force attacks.


Fail2Ban monitors system logs and automatically blocks IPs showing malicious behavior.

Step 1 — Install Fail2Ban

bash
sudo apt update
sudo apt install fail2ban -y

Step 2 — Create local configuration

Never edit jail.conf directly, since package updates can overwrite it. Create an override file, jail.local:

bash
sudo nano /etc/fail2ban/jail.local

Base content:

ini
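[DEFAULT]
# Ban duration in seconds (1 hour)
bantime = 3600
# Window in seconds in which failures are counted (10 minutes)
findtime = 600
# Number of failures within findtime that triggers a ban
maxretry = 3
banaction = iptables-multiport
# Ban and e-mail a report with whois data and the matching log lines
action = %(action_mwl)s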

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
# Overrides the [DEFAULT] bantime: 24 hours
bantime = 86400

Step 3 — Protect Nginx (optional)

Create the filter /etc/fail2ban/filter.d/nginx-limit-req.conf:

ini
[Definition]
failregex = limiting requests, excess:.* by zone.*client: <HOST>
ignoreregex =

Add the jail in jail.local:

ini
[nginx-limit-req]
enabled = true
filter = nginx-limit-req
logpath = /var/log/nginx/error.log
maxretry = 5
bantime = 3600

Step 4 — Protect HTTP authentication

Create /etc/fail2ban/filter.d/nginx-http-auth.conf:

ini
[Definition]
failregex = no user/password was provided for basic authentication.*client: <HOST>
            user .* was not found in.*client: <HOST>
            user .* password mismatch.*client: <HOST>
ignoreregex =

Jail:

ini
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
logpath = /var/log/nginx/error.log
maxretry = 3
bantime = 3600
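
To see what the Step 4 filter and the findtime/maxretry thresholds would do before the jail goes live, the following added example (not part of the original guide and not Fail2Ban's own code) applies the three failregex lines to constructed nginx error-log lines and reports which clients would reach the ban threshold. It assumes a simplified IPv4-only substitute for the <HOST> tag and nginx's default error-log timestamp format; the sample log, addresses and helper names are made up for illustration.

```python
import re
from datetime import datetime, timedelta

# failregex lines copied from the Step 4 nginx-http-auth filter.
FAILREGEX = [
    r"no user/password was provided for basic authentication.*client: <HOST>",
    r"user .* was not found in.*client: <HOST>",
    r"user .* password mismatch.*client: <HOST>",
]
FINDTIME, MAXRETRY = timedelta(seconds=600), 3  # findtime / maxretry from the guide
# Assumption: simplified IPv4-only stand-in for Fail2Ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]

# Constructed sample data: _line() builds one nginx error.log entry.
def _line(ts, msg, ip):
    return (f'2024/05/01 {ts} [error] 812#812: *1 {msg}, client: {ip}, '
            'server: example.test, request: "GET /admin HTTP/1.1", host: "example.test"')

SAMPLE_LOG = "\n".join([
    _line("10:00:00", 'user "admin": password mismatch', "203.0.113.7"),
    _line("10:00:05", 'user "bob" was not found in "/etc/nginx/.htpasswd"', "198.51.100.20"),
    _line("10:00:40", "no user/password was provided for basic authentication", "203.0.113.7"),
    _line("10:01:00", 'open() "/var/www/favicon.ico" failed (2: No such file or directory)', "192.0.2.50"),
    _line("10:01:30", 'user "admin": password mismatch', "203.0.113.7"),
    _line("10:08:00", 'user "bob": password mismatch', "198.51.100.20"),
    _line("10:20:00", 'user "bob": password mismatch', "198.51.100.20"),
])

def failures(log):
    """Return [(timestamp, ip)] for each line matched by any failregex."""
    hits = []
    for line in log.splitlines():
        m = next(filter(None, (p.search(line) for p in PATTERNS)), None)
        if m:
            hits.append((datetime.strptime(line[:19], "%Y/%m/%d %H:%M:%S"), m["host"]))
    return hits

def bans(log, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time of ban} for IPs reaching maxretry failures within findtime."""
    recent, banned = {}, {}
    for ts, ip in failures(log):
        # Keep only this IP's failures that are still inside the findtime window.
        window = recent[ip] = [t for t in recent.get(ip, []) if ts - t <= findtime] + [ts]
        if len(window) >= maxretry:
            banned.setdefault(ip, ts)
    return banned

if __name__ == "__main__":
    print({ip: str(when) for ip, when in bans(SAMPLE_LOG).items()})
```

On a live system, `fail2ban-regex /var/log/nginx/error.log /etc/fail2ban/filter.d/nginx-http-auth.conf` runs the real filter against the real log.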

Step 5 — Activate and verify

bash
sudo systemctl enable fail2ban
sudo systemctl restart fail2ban

Step 6 — Management commands

bash
# General status
sudo fail2ban-client status

# Status of a specific jail
sudo fail2ban-client status sshd

# Unban an IP
sudo fail2ban-client set sshd unbanip 192.168.1.100

# View banned IPs
sudo fail2ban-client get sshd banned

# View Fail2Ban log
sudo tail -f /var/log/fail2ban.log

Step 7 — Whitelist trusted IPs

In the [DEFAULT] section of jail.local:

ini
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 YOUR_FIXED_IP

Fail2Ban complements the network DDoS protection included with your Baires Host VPS by blocking application-level attacks.

