Fail2ban is an awesome piece of software which protects against brute force and DDOS attacks. To install fail2ban:
sudo apt-get install fail2ban
The next step is to create a local jail file which will not be overwritten each time fail2ban is updated:
sudo nano /etc/fail2ban/jail.local
Paste the following in jail.local:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 600
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache*/access.log
maxretry = 400
findtime = 400
bantime = 200
action = iptables[name=HTTP, port=http, protocol=tcp]
Save the file using CTRL+O and then restart SSH and Apache with the following commands:
sudo service ssh restart && service apache2 restart
The [ssh] section protects you against SSH brute force attacks and the [http-get-dos] section protects you against Denial of Service (DDOS) attacks.
Should you end up in a situation where one of your IP's are banned you can run the following command:
fail2ban-client set ssh unbanip YOUR-IP-HERE