Fail2Ban is a Python script that analyzes failed login attempts in log files and implements firewall rules to ban brute force attackers. Classic brute force targets on the web are:
- ssh
- ftp
- Apache
- MySQL
Here is a basic example for Apache in /etc/fail2ban/jail.conf:
[apache]
enabled = true
port = http,https
filter = apache-auth
# the apache-auth filter matches authentication failures, which Apache writes to its error log
logpath = /var/log/apache*/*error.log
maxretry = 5
By default, the global ban time is 600 seconds.
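To show what maxretry and the ban time mean in practice, here is an added sketch (not Fail2Ban's own code) that applies the same counting rule to constructed Apache error-log lines, the log that the apache-auth filter parses. The 600-second counting window (FINDTIME), the simplified Apache 2.2-style regex and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5    # maxretry from the [apache] jail above
BANTIME = 600   # global ban time in seconds, as stated above
FINDTIME = 600  # assumed counting window in seconds (not given on the page)

# Simplified Apache 2.2-style error-log pattern, assumed for this sketch;
# it is not Fail2Ban's own apache-auth failregex.
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"user \S+(?:: authentication failure| not found)")

def find_bans(lines):
    """Return {ip: (ban_start, ban_end)} for clients that reach MAXRETRY."""
    recent = defaultdict(deque)  # ip -> failure times still inside FINDTIME
    bans = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # not an authentication failure
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip = m["ip"]
        if ip in bans and ts < bans[ip][1]:
            continue  # client is already banned at this point
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > FINDTIME:
            q.popleft()  # forget failures older than the window
        if len(q) >= MAXRETRY:
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
            q.clear()
    return bans

def sample_log():
    """Constructed error-log lines (documentation IP ranges), not real traffic."""
    fmt = ('[Tue Jan 14 {} 2014] [error] [client {}] user admin: '
           'authentication failure for "/admin": Password Mismatch')
    fast = [fmt.format(f"10:00:{s:02d}", "203.0.113.7") for s in (1, 5, 9, 13, 17, 21)]
    slow = [fmt.format(f"{h}:30:00", "198.51.100.23") for h in (10, 11, 12, 13, 14)]
    noise = ['[Tue Jan 14 10:00:03 2014] [error] [client 192.0.2.10] '
             'File does not exist: /var/www/favicon.ico']
    return sorted(fast + slow + noise)

if __name__ == "__main__":
    for ip, (start, end) in find_bans(sample_log()).items():
        print(f"ban {ip} from {start} until {end}")
```

The client that fails five times within seconds is banned at its fifth failure, while the one that spreads five failures over four hours never is, because each failure ages out of the window before the next arrives.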
Installation for Debian and Ubuntu is quite simple, as always:
apt-get install fail2ban
Check out http://www.fail2ban.org/wiki/index.php/Main_Page for other installation packages and further info. If you are running servers on the web, I highly recommend using some sort of method to disable brute force attacks…and of course, using strong passwords 🙂