Fail2Ban is an open source security tool for preventing brute-force attacks. Its core function is to monitor log files and automatically block suspicious IPs.
1. Its most common purpose is to prevent SSH brute-force cracking. It analyzes log files such as /var/log/auth.log and, when it finds that an IP has failed to log in multiple times within a short period, calls the firewall to block that IP.
2. Fail2Ban supports a variety of services, including FTP, SMTP, Apache, Nginx and WordPress login pages, and its protection scope can be extended with custom rules.
3. The main configuration items are maxretry (number of failures), findtime (time window), bantime (ban duration) and ignoreip (whitelist).
4. Installation and configuration are simple. On Ubuntu/Debian you only need to install the fail2ban package, then copy jail.conf and modify the copy to enable it. The default configuration already protects SSH.
5. It is recommended to set a stricter policy such as maxretry=3 and bantime=1h, and to add your own IP to ignoreip to avoid being blocked by mistake. You can also enable email notifications to keep track of bans.
Fail2Ban is a commonly used open source security tool. Its main function is to prevent brute-force attacks, such as someone trying to break into your server by repeatedly guessing passwords. It identifies suspicious login attempts automatically by monitoring log files, and temporarily or permanently blocks the offending IP address.
Prevent SSH from being brute-forced
This is one of the most common uses of Fail2Ban. Many people expose their servers to the public network, and the default SSH port (22) is an easy target. Attackers can use automated scripts to keep trying different username and password combinations.
Fail2Ban monitors /var/log/auth.log (or another system log path). Once it finds that an IP has failed to log in multiple times within a short period, it automatically calls the firewall (such as iptables or ufw) to block that IP.
To give a simple example:
- An IP fails to log in more than 5 times within 10 minutes
- Fail2Ban automatically blacklists it, blocking it for 10 minutes or more
- This way, even if the other party uses automated tools, it is difficult for them to keep attacking
Supports multiple services, not limited to SSH
Although most commonly used to protect SSH, Fail2Ban can actually monitor logs of many other services, such as:
- FTP, SMTP, Apache, Nginx
- WordPress login page (the rules can be customized)
- Any service that generates text logs
You can add "jail" configurations as needed, telling Fail2Ban which logs to watch, which keywords to match (such as "authentication failure"), and how to respond.
Some common configuration items include:
- maxretry: how many failures are allowed before the IP is banned
- findtime: the time window within which failures are counted together
- bantime: how long the ban lasts
- ignoreip: whitelisted IPs that will never be blocked
Low barrier to installation and configuration, suitable for most Linux servers
Installing Fail2Ban is very simple. On Ubuntu/Debian a single command is enough:
sudo apt install fail2ban
The default configuration already protects SSH. To customize the rules, you only need to copy the configuration to a .local file and modify that copy:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
It is recommended to do at least these things:
- Make maxretry and bantime stricter (such as maxretry=3, bantime=1h)
- Add your own IP to ignoreip to avoid being blocked by mistake
- Enable email notifications (optional) to know who was blocked
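As an added illustration (not part of the original article and not Fail2Ban's own code), this simplified Python model shows how the maxretry, findtime, bantime and ignoreip options listed earlier interact when set to the recommended maxretry=3 and bantime=1h. The log lines, the admin address 203.0.113.10 and the name simulate_bans are constructed for the example, and it assumes a ban is triggered once the failures inside findtime reach maxretry.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Settings from the article: 3 failures within 10 minutes -> 1 hour ban.
MAXRETRY, FINDTIME, BANTIME = 3, timedelta(minutes=10), timedelta(hours=1)
IGNOREIP = [ip_network("127.0.0.0/8"), ip_network("203.0.113.10/32")]  # assumed admin IP

# Constructed auth.log lines using documentation address ranges (not real traffic).
SAMPLE_LOG = """\
Jan 10 03:00:01 host sshd[811]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jan 10 03:00:09 host sshd[812]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2
Jan 10 03:00:15 host sshd[813]: Failed password for root from 198.51.100.7 port 40141 ssh2
Jan 10 03:01:00 host sshd[820]: Failed password for alice from 203.0.113.10 port 51000 ssh2
Jan 10 03:01:05 host sshd[821]: Failed password for alice from 203.0.113.10 port 51002 ssh2
Jan 10 03:01:09 host sshd[822]: Failed password for alice from 203.0.113.10 port 51004 ssh2
Jan 10 03:02:00 host sshd[830]: Failed password for root from 192.0.2.44 port 33010 ssh2
Jan 10 03:09:00 host sshd[831]: Failed password for root from 192.0.2.44 port 33011 ssh2
Jan 10 03:13:00 host sshd[832]: Failed password for root from 192.0.2.44 port 33012 ssh2
"""

FAIL_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                     r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port")

def simulate_bans(log, year=2024):
    """Return (ip, banned_at, banned_until) for every ban the settings would trigger."""
    recent, banned, events = {}, {}, []  # failures per IP, ban expiry per IP, result
    for line in log.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # ignoreip: whitelisted sources are never counted
        if ip in banned and ts < banned[ip]:
            continue  # still inside bantime, already blocked
        # findtime: keep only failures that are still inside the window
        window = [t for t in recent.get(ip, []) if ts - t <= FINDTIME] + [ts]
        if len(window) >= MAXRETRY:
            banned[ip] = ts + BANTIME
            events.append((str(ip), ts, ts + BANTIME))
            window = []
        recent[ip] = window
    return events

if __name__ == "__main__":
    for ip, start, end in simulate_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
```

On the constructed log, only 198.51.100.7 is banned: 203.0.113.10 is covered by ignoreip, and the three failures from 192.0.2.44 never fall inside one 10-minute findtime window.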
Basically that's it. Fail2Ban is not complicated but very practical, and is especially suitable for servers exposed to public networks. With just a little configuration, the risk of falling victim to credential-stuffing attacks can be greatly reduced.