Prerequisites
Before installing Fail2ban, make sure you have:
- SSH access to your VPS
- Root or sudo privileges
💡 Fail2ban monitors log files and bans IP addresses that show malicious behavior like too many password failures.
Step 1: Install Fail2ban
Connect to your VPS:
ssh hxroot@YOUR_SERVER_IP -p 22
sudo apt update
sudo apt install fail2ban -y
Step 2: Configure Fail2ban
Create a local configuration file (don't edit jail.conf directly):
sudo nano /etc/fail2ban/jail.local
Add a basic configuration:
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
Step 3: Restart Fail2ban
sudo systemctl restart fail2ban
sudo systemctl enable fail2ban
Step 4: Check Fail2ban Status
sudo fail2ban-client status
You should see sshd in the jail list.
Step 5: View Banned IPs
sudo fail2ban-client status sshd
Step 6: Unban an IP Address
sudo fail2ban-client unban 192.168.1.100
Customizing Bantime and Retries
Edit /etc/fail2ban/jail.local:
[DEFAULT]
# Keep comments on their own lines: Fail2ban does not strip inline "#" comments from values
# Ban for 1 day
bantime = 86400
# Look for failures over 10 minutes
findtime = 600
# Ban after 3 failures
maxretry = 3
[sshd]
enabled = true
port = ssh
logpath = /var/log/auth.log
backend = auto
maxretry = 3
bantime = 3600
Restart Fail2ban:
sudo systemctl restart fail2ban
Add Other Jails (HTTP, FTP, etc.)
For Nginx/Apache:
[nginx-http-auth]
enabled = true
port = http,https
logpath = /var/log/nginx/error.log
maxretry = 3
For vsftpd:
[vsftpd]
enabled = true
port = ftp,ftp-data
logpath = /var/log/vsftpd.log
maxretry = 3
Test Fail2ban (Simulate Failed Logins)
From another machine, attempt an SSH login with a wrong password 4 times. Then check:
sudo fail2ban-client status sshd
View Fail2ban Logs
sudo tail -f /var/log/fail2ban.log
Whitelist Your Own IP (Never Get Banned)
In /etc/fail2ban/jail.local:
[DEFAULT]
ignoreip = 127.0.0.1/8 YOUR_HOME_IP
Restart Fail2ban.
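How findtime, maxretry, bantime and ignoreip interact, shown as an added example: a simplified Python model, not Fail2ban's own code and not part of the original guide. The log lines, the documentation-range IPs, the second ignoreip entry, the year and the names simulate and is_ignored are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the customized [sshd] jail above; the second ignoreip entry is constructed.
FINDTIME, MAXRETRY, BANTIME = 600, 3, 3600
IGNOREIP = ["127.0.0.1/8", "198.51.100.7"]

# Constructed sample lines in the usual sshd auth.log layout (documentation IP ranges).
SAMPLE_LOG = """\
Jan 15 09:00:00 vps sshd[811]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jan 15 09:02:00 vps sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Jan 15 09:03:00 vps sshd[813]: Failed password for root from 198.51.100.7 port 40003 ssh2
Jan 15 09:03:10 vps sshd[814]: Failed password for root from 198.51.100.7 port 40004 ssh2
Jan 15 09:03:20 vps sshd[815]: Failed password for root from 198.51.100.7 port 40005 ssh2
Jan 15 09:04:00 vps sshd[816]: Failed password for root from 192.0.2.44 port 40006 ssh2
Jan 15 09:09:30 vps sshd[817]: Failed password for root from 203.0.113.5 port 40007 ssh2
Jan 15 09:11:00 vps sshd[818]: Failed password for root from 192.0.2.44 port 40008 ssh2
Jan 15 09:15:00 vps sshd[819]: Failed password for root from 192.0.2.44 port 40009 ssh2
"""

FAILURE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def is_ignored(ip, ignoreip=IGNOREIP):
    """True if ip falls inside any ignoreip entry (single address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in ignoreip)

def simulate(log, findtime=FINDTIME, maxretry=MAXRETRY, bantime=BANTIME, year=2024):
    """Simplified jail model: return {ip: (ban_start, ban_end)} in epoch seconds."""
    recent, bans = defaultdict(deque), {}
    for line in log.splitlines():
        m = FAILURE.match(line)
        if not m or is_ignored(m.group(2)):
            continue                      # not a failure line, or a whitelisted source
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S").timestamp()
        ip = m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue                      # still banned; the firewall would drop this
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:       # maxretry failures inside findtime: ban
            bans[ip] = (ts, ts + bantime)
            window.clear()
    return bans
```

With the sample input only 203.0.113.5 is banned: 192.0.2.44 also fails three times, but its first failure is older than findtime when the third arrives, and 198.51.100.7 is covered by ignoreip.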
✅ Fail2ban installed and configured. Brute force attacks will now be automatically blocked.