
Brute Force Protection with Fail2Ban

Fail2Ban Setup and Brute Force Protection on Linux Server

A guide to protecting SSH, panel and service logins with an automatic IP ban system.

Every Linux server open to the internet is constantly scanned by automated bots. These bots especially try to log in to the SSH service by trial and error. This type of attack is called a brute force attack.

Fail2Ban tracks unsuccessful login attempts in log files. It automatically bans IP addresses that fail to log in more than the specified number of times. In this way, the attacker cannot keep trying passwords from the same IP address.

Simple explanation: Fail2Ban is like a security guard waiting at the door. It notices the person who constantly tries the wrong password and takes them away from the door.

1. What Does Fail2Ban Do?

  • It reduces SSH brute force attacks.
  • It bans IP addresses that make a large number of failed login attempts.
  • It takes automatic action by monitoring server logs.
  • It works together with the firewall to block attack traffic.
  • It can also be used for game server panels, web panel logins and mail services.

2. Fail2Ban Installation

On Ubuntu and Debian based systems:

apt update
apt install fail2ban -y

On CentOS, AlmaLinux or Rocky Linux systems:

yum install epel-release -y
yum install fail2ban -y

To start the service and have it run automatically at startup:

systemctl enable fail2ban
systemctl start fail2ban
systemctl status fail2ban

3. Copy Default Settings File

Fail2Ban settings should not be edited directly in the jail.conf file, because this file may change in updates. Instead, a jail.local file is created.

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Then edit the file:

nano /etc/fail2ban/jail.local

4. Enabling SSH Protection

Find the [sshd] section in the file and edit it as follows:

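[sshd]
enabled = true
# Set this to the actual port number if sshd listens on a non-default port
port = ssh
filter = sshd
# Debian/Ubuntu path; on CentOS, AlmaLinux and Rocky Linux sshd logs to /var/log/secure
logpath = /var/log/auth.log
maxretry = 5
findtime = 10m
bantime = 1h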

These settings mean:

  • maxretry = 5: Action is taken after 5 failed login attempts.
  • findtime = 10m: Attempts are counted within a 10-minute period.
  • bantime = 1h: The IP address is banned for 1 hour.

Attention: To prevent your own IP address from being accidentally banned, you can add your trusted IP address to the ignoreip field.

5. Safelisting Your Own IP Address

If you use a fixed IP address, you can exclude your own IP address from the ban system.

ignoreip = 127.0.0.1/8 192.168.1.1 SUNUCUYA_BAGLANDIGINIZ_IP

Here, replace SUNUCUYA_BAGLANDIGINIZ_IP (the IP address from which you connect to the server) with your real IP address.
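
How maxretry, findtime, bantime and ignoreip from sections 4 and 5 interact, as an added example: a simplified model written for this guide, not Fail2Ban's own code. The log lines, the regex, the helper names and the 198.51.100.x / 203.0.113.10 addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [sshd] jail above.
MAXRETRY = 5
FINDTIME = timedelta(minutes=10)
BANTIME = timedelta(hours=1)
# Constructed safelist; 203.0.113.10 stands in for the admin's own address.
IGNOREIP = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "203.0.113.10/32")]
# Simplified pattern for sshd failure lines (assumption: the real sshd filter covers more).
FAIL_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def find_bans(lines, year=2024):
    """Return [(ip, banned_at, banned_until)] for the given auth.log lines."""
    recent = defaultdict(deque)       # ip -> failure timestamps inside findtime
    banned_until, bans = {}, []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue                  # safelisted: failures are never counted
        if ip in banned_until and ts < banned_until[ip]:
            continue                  # ban still active
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > FINDTIME:   # forget failures older than findtime
            q.popleft()
        if len(q) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((str(ip), ts, ts + BANTIME))
            q.clear()
    return bans

def sample_log():
    """Constructed log: a fast bot, a slow bot and a safelisted admin."""
    fmt = "Mar  3 {} host sshd[999]: Failed password for {} from {} port 40000 ssh2"
    fast = [fmt.format(f"10:00:{s:02d}", "root", "198.51.100.7") for s in range(0, 50, 10)]
    slow = [fmt.format(f"10:{m:02d}:00", "invalid user test", "198.51.100.8") for m in range(0, 60, 12)]
    admin = [fmt.format(f"11:00:{s:02d}", "admin", "203.0.113.10") for s in range(6)]
    return fast + slow + admin

if __name__ == "__main__":
    print(find_bans(sample_log()))
```

Only the fast client is banned. The client that fails once every 12 minutes never collects five failures inside findtime, so these values should be reviewed against what the logs actually show.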

6. Restarting Fail2Ban Service

systemctl restart fail2ban

To check the status:

fail2ban-client status

To see SSH jail status:

fail2ban-client status sshd

7. Viewing Banned IP Addresses

fail2ban-client status sshd

In the output, banned IP addresses appear in the Banned IP list field.

8. Unbanning an Accidentally Banned IP Address

If your own IP address or the IP address of a trusted user has been banned by mistake, you can remove the ban with the following command, replacing IP_ADRESI with that address:

fail2ban-client set sshd unbanip IP_ADRESI

Common Mistakes

  • Editing the jail.conf file directly
  • Not adding your own IP address to the ignoreip field
  • Not changing the Fail2Ban port setting even though the SSH port is changed
  • Mistyping the log file path
  • Assuming that Fail2Ban is active without checking the service status

FAQ

Does Fail2Ban alone provide sufficient security?
No. Fail2Ban is an important layer of protection, but it should be used in conjunction with a strong password, an up-to-date system, a firewall and correct service configuration.

Does Fail2Ban protect the game server?
It does not analyze game traffic directly. However, it can provide protection through SSH, panel, web services and some login logs.

Can I increase the ban duration?
Yes. You can set the bantime value to longer periods such as 24h, 7d instead of 1h.

Security Recommendations

  • Disable root login.
  • Use a strong and unique password.
  • If possible, log in with an SSH key.
  • Check Fail2Ban logs regularly.
  • Do not leave unnecessary services open to the internet.

This article is specially prepared for PvPServer.
