If your server is exposed to the internet, it's constantly being attacked, especially on SSH, web logins, and APIs.
That's where Fail2Ban comes in.
It automatically:
- Detects suspicious activity
- Blocks malicious IPs
- Protects your server in real time
🔹 Install Fail2Ban (Ubuntu)
sudo apt update
sudo apt install fail2ban -y
Enable it:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
🔹 Basic Configuration
Copy the default config:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit the copy:
sudo nano /etc/fail2ban/jail.local
🔹 Protect SSH
Find the [sshd] section:
[sshd]
enabled = true
port = ssh
maxretry = 5
bantime = 3600
findtime = 600
This means:
- 5 failed attempts within 10 minutes (findtime = 600 seconds) → ban
- Ban lasts 1 hour (bantime = 3600 seconds)
🔹 Protect Nginx (Optional)
[nginx-http-auth]
enabled = true
[nginx-botsearch]
enabled = true
🔹 Restart Fail2Ban
sudo systemctl restart fail2ban
🔹 Check Status
sudo fail2ban-client status
Check SSH jail:
sudo fail2ban-client status sshd
🔹 Unban IP
sudo fail2ban-client set sshd unbanip <IP>
🔹 Pro Tips (Advanced)
- Use longer bans (e.g. 24h)
- Combine with a firewall (UFW / iptables)
- Add email or Telegram alerts
- Whitelist your IP (VERY IMPORTANT)
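To make the maxretry / findtime / bantime settings and the whitelist tip concrete, here is an added example (not part of the original post and not Fail2Ban's own code): a simplified Python model of the ban decision, run over a constructed SSH log. The regex, the host name web01 and the whitelisted range 203.0.113.0/24 are assumptions; in Fail2Ban itself the whitelist is the ignoreip setting.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Values from the [sshd] jail above; IGNOREIP is an assumed whitelist entry.
MAXRETRY, FINDTIME, BANTIME = 5, 600, 3600
IGNOREIP = [ipaddress.ip_network("203.0.113.0/24")]

# Simplified matcher for OpenSSH failures; not Fail2Ban's real sshd filter.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def simulate(lines):
    """Return {ip: (ban_start, ban_end)} in epoch seconds."""
    failures, bans = {}, {}
    for entry in lines:
        m = FAILED.match(entry)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1)).timestamp()
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in IGNOREIP):
            continue  # whitelisted: failures are never counted
        if ip in bans and ts < bans[ip][1]:
            continue  # ban still active
        # Keep only failures newer than findtime, then add this one.
        recent = [t for t in failures.get(ip, []) if ts - t < FINDTIME] + [ts]
        if len(recent) >= MAXRETRY:
            bans[ip] = (ts, ts + BANTIME)
            recent = []
        failures[ip] = recent
    return bans

# Constructed sample log (documentation IP ranges, hypothetical host "web01").
BASE = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc).timestamp()

def log_line(offset, ip):
    ts = datetime.fromtimestamp(BASE + offset, tz=timezone.utc).isoformat()
    return f"{ts} web01 sshd[4242]: Failed password for root from {ip} port 50022 ssh2"

EVENTS = ([(i * 30, "198.51.100.7") for i in range(5)]  # 5 failures in 2 minutes
          + [(t, "192.0.2.9") for t in (0, 10, 1200, 1210, 1220)]  # 2 typos, 3 more 20 min later
          + [(i * 5, "203.0.113.10") for i in range(8)])  # whitelisted admin address
SAMPLE = [log_line(t, ip) for t, ip in sorted(EVENTS)]

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE).items():
        print(ip, "banned for", int(end - start), "seconds")
```

Only 198.51.100.7 is banned: the five failures from 192.0.2.9 never fall inside one 600-second window, and the whitelisted address is never counted, which is what keeps an admin from locking themselves out.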
🔹 Common Mistakes
- Editing jail.conf instead of jail.local
- Locking yourself out (always whitelist your IP!)
- Not restarting the service after changes
🔹 Conclusion
With Fail2Ban:
- Your server actively defends itself
- Brute-force attempts are banned as soon as they hit the retry limit
- Security becomes automated