Server - Contents

The Fail2Ban

stop bruteforce attack attempts to enter the server

revised: 19-Apr-2023

There are constant attempts to try to enter the server by guessing passwords -especially those associated with the user:root. To prevent this abuse, the application 'Fail2Ban' blocks the IP where attempts greater then 3 tries at entering a password for a period usually about 10min (depends on how it is configured). For further information see: Fail2Ban on Ubuntu

Step01: Install Fail2Ban

root# apt -y install fail2ban

Lastly, check the status of fail2ban:

root# systemctl status fail2ban  Note: Ctl+c to exit status

If fail2ban is not active

root# systemctl start fail2ban

Login to Webmin in your browser (user:root), and first click on "Refresh Modules". Then go to "Networking"->"Fail2Ban"
One should find the sshd 'jail' active -- preventing more that 5 fail attempts to login as it implements a lockout of 10min. These parameters can be changed to suit one's preferences.

Note: Should there be a failure in activating fail2ban, try, in the terminal, this command:
root# fail2ban-client start  The response will give a more meaningful error message.
Check out this - Configure Fail2Ban
Server - Contents