Fail2ban – prevent brute force and DDoS

Fail2ban is an awesome piece of software which protects against brute force and DDoS attacks by watching log files and temporarily banning IP addresses that produce too many matching entries. To install fail2ban:

sudo apt-get install fail2ban

The next step is to create a local jail file which will not be overwritten each time fail2ban is updated:

sudo nano /etc/fail2ban/jail.local

Paste the following in jail.local:

[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3
bantime = 600

[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath  = /var/log/apache*/access.log
maxretry = 400
findtime = 400
bantime = 200
action = iptables[name=HTTP, port=http, protocol=tcp]

Save the file using CTRL+O, then restart SSH and Apache, plus fail2ban itself so that it loads the new jail.local, with the following commands:

sudo service ssh restart && sudo service apache2 restart && sudo service fail2ban restart

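The [ssh] section protects you against SSH brute force attacks: an address that fails to log in 3 times is banned for 600 seconds. The [http-get-dos] section protects you against Denial of Service (DDoS) attacks: an address that produces 400 matching requests within 400 seconds is banned for 200 seconds. Its filter = http-get-dos line tells fail2ban to load /etc/fail2ban/filter.d/http-get-dos.conf, so that filter file must be in place, otherwise fail2ban reports an error when it loads the jail.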
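
What the [http-get-dos] thresholds mean in practice, as an added Python example that is not part of the original post and not fail2ban's own code: a simplified sliding-window model of maxretry, findtime and bantime, run over constructed access-log lines. The failregex, the function names and the sample addresses are assumptions, since the post does not show the http-get-dos filter.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed failregex for the http-get-dos filter: every GET or POST request
# line counts as one match for the client address at the start of the line.
FAILREGEX = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST) ')

def simulate(lines, maxretry=400, findtime=400, bantime=200):
    """Sliding-window model of one jail. Returns [(ip, ban_start, ban_end)]."""
    hits = defaultdict(deque)      # ip -> match times still inside findtime
    banned_until = {}              # ip -> epoch second at which the ban lifts
    bans = []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue
        ip = m.group("host")
        now = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        if banned_until.get(ip, 0) > now:
            continue               # model: a banned address adds no new matches
        window = hits[ip]
        window.append(now)
        while window and window[0] <= now - findtime:
            window.popleft()       # forget matches older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = now + bantime
            bans.append((ip, now, now + bantime))
            window.clear()
    return bans

def sample_log(ip, start, count, interval):
    """Constructed access-log lines: `count` GETs, `interval` seconds apart."""
    stamps = (datetime.fromtimestamp(start + i * interval, timezone.utc) for i in range(count))
    return [f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "GET / HTTP/1.1" 200 512' for ts in stamps]

if __name__ == "__main__":
    t0 = 1_700_000_000             # constructed start time (epoch seconds)
    log = sample_log("203.0.113.7", t0, 500, 1)      # 1 request per second
    log += sample_log("198.51.100.20", t0, 500, 2)   # 1 request every 2 seconds
    for ip, begin, end in simulate(log):
        print(f"{ip} banned from t0+{begin - t0:.0f}s to t0+{end - t0:.0f}s")
```

With the values from jail.local, the client sending one request per second is banned on its 400th request, while the client sending one request every two seconds never has more than 200 matches inside findtime and is never banned.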

Should you end up in a situation where one of your IPs is banned, you can run the following command:

sudo fail2ban-client set ssh unbanip YOUR-IP-HERE