Block Bot Attacks

If you have a machine that is exposed to external network then there is a chance that some bot is poking your machine and you need to harden all entry points of your machine. fail2ban is a small program that monitors all your authentication logs for failed login attempts and blocks the bots depending on the thresholds that you specified in configuration file.

Installation

sudo apt-get -y install fail2ban

fail2ban blocks bots for only 600 seconds. To change this setting you have to open /etc/fail2ban/jail.conf and change the configuration option bantime. And restart fail2ban using following command.

sudo /etc/init.d/fail2ban restart

2 comments:

Fragger said...

Thanks :)

Jackie said...

really useful, I'm going to give this a try, thank you ;)