Fail2Ban – Slackening brute force attacks

Fail2Ban is a Python script that analyzes failed login attempts in log files and implements firewall rules to ban brute force attackers. Classic brute force targets on the web are:

  • ssh
  • ftp
  • Apache
  • MySQL

Here is a basic example for Apache in /etc/fail2ban/jail.conf:

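[apache]

enabled = true
port = http,https
filter = apache-auth
# apache-auth matches authentication failures, which Apache writes to its error log
logpath = /var/log/apache*/*error.log
# ban a host after 5 failed logins
maxretry = 5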

By default, the global ban time is 600 seconds.
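How these settings turn log lines into a ban, as an added sketch that is not Fail2Ban's own code: it counts failures per client and bans at maxretry for the ban time. The regex is a simplified stand-in for the apache-auth filter, the 600-second counting window (Fail2Ban's findtime) is an assumed value, and the Apache 2.4 error-log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5                       # from the [apache] jail above
BANTIME = timedelta(seconds=600)   # global default ban time stated on the page
FINDTIME = timedelta(seconds=600)  # counting window (findtime); value assumed here

# Simplified stand-in for the apache-auth filter (assumption, not its real regex)
FAILREGEX = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[auth_basic:error\] .*\[client (?P<host>\d+\.\d+\.\d+\.\d+):\d+\] "
    r".*(?:authentication failure|not found)"
)

def find_bans(lines):
    """Return (host, banned_at, banned_until) for each ban the log would trigger."""
    failures = defaultdict(deque)   # host -> timestamps of recent failures
    banned_until = {}
    bans = []
    for line in lines:
        m = FAILREGEX.search(line)
        if not m:
            continue                # unrelated entries are ignored
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        host = m["host"]
        if banned_until.get(host, ts) > ts:
            continue                # host is already firewalled
        window = failures[host]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()        # forget failures outside the window
        if len(window) >= MAXRETRY:
            banned_until[host] = ts + BANTIME
            bans.append((host, ts, ts + BANTIME))
            window.clear()
    return bans

def sample_log():
    """Constructed lines: 203.0.113.7 fails 6 times in 25 s, 198.51.100.9 twice."""
    fmt = ('[Mon Jan 06 10:{m:02d}:{s:02d}.000000 2025] [auth_basic:error] [pid 4242] '
           '[client {ip}:50000] AH01617: user admin: authentication failure '
           'for "/private": Password Mismatch')
    fast = [fmt.format(m=0, s=i * 5, ip="203.0.113.7") for i in range(6)]
    slow = [fmt.format(m=m, s=0, ip="198.51.100.9") for m in (1, 30)]
    return fast + slow

if __name__ == "__main__":
    for host, start, end in find_bans(sample_log()):
        print(f"ban {host} from {start} until {end}")
```

The fifth failure from the fast client triggers the ban; the client with two failures half an hour apart never reaches maxretry.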

Installation for Debian and Ubuntu is quite simple, as always:

apt-get install fail2ban

Check out http://www.fail2ban.org/wiki/index.php/Main_Page for other installation packages and further info. If you are running servers on the web, I highly recommend using some sort of method to thwart brute force attacks… and, of course, using strong passwords 🙂