Fail2ban is a tool that scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious behavior such as too many password failures, probing for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email) could also be configured. Out of the box, Fail2Ban comes with filters for various services like apache, courier, ssh, etc.

Fail2Ban can reduce the rate of incorrect authentication attempts; however, it cannot eliminate the risk that weak authentication presents. Configure services to use only two-factor or public/private key authentication mechanisms if you really want to protect them. Fail2ban comes pre-installed on most of our Linux server plans.

Installation on Debian/Ubuntu

Connect to your server over SSH then run:

apt-get install fail2ban

Installation on CentOS

Connect to your server over SSH then run:

yum install fail2ban


The main configuration file is /etc/fail2ban/jail.conf. Open it with:

nano /etc/fail2ban/jail.conf
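
Settings placed in /etc/fail2ban/jail.local override those in jail.conf and are not overwritten when the package is upgraded, so local changes are usually kept there. The following jail.local is an added example, not part of the original article; the thresholds, the placeholder address 203.0.113.10 and the choice of the sshd jail are assumptions to adapt.

```ini
# /etc/fail2ban/jail.local  (constructed example; every value is an assumption)

[DEFAULT]
# Sources that are never banned. 203.0.113.10 is a placeholder for your
# own administration address, so a typo in your password cannot lock you out.
ignoreip = 127.0.0.1/8 203.0.113.10

# Failures are counted inside this window (seconds).
findtime = 600

# Number of failures within findtime that triggers a ban.
maxretry = 5

# How long the firewall rejects the address (seconds).
bantime = 3600

# SSH jail. It is named [sshd] in Fail2ban 0.9 and later;
# older packages ship it as [ssh].
[sshd]
enabled = true
# Stricter threshold for a login service exposed to the internet.
maxretry = 3
```

After restarting Fail2ban, fail2ban-client status sshd shows whether the jail is active and which addresses are currently banned.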