Fail2Ban

On these days I decided to tune a bit my new shiny linux server box. I started to set up fail2ban. I think fail2ban is very imporant nowadays because it is a good example of a tool for slowing down attacks without closing your server too much.

Fail2ban is a daemon: it wll monitor your server logs (like sshd) and will ban every failed attept to do something (like login, for instance). The “ban” is simply a timed-firewall rule to ignore the traffic from the attacker.

After a configurable amount of time, fail2ban will re-open the firewall.

This Linode guide is easy to apply to other hosting too.

If you disable wordpress Jetpack, you should configure fail2ban to monitor your wordpress logins too, because Jetpack already protect you from these attacks!

 

To test your regexp, refer to the fail2ban documentation: there is a fail2ban-regexp command to test your filters: remember filtering is tricky and read also the security section on the documentation.

 

Related Post

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.