Ban Brutte Force Attacks

This seems to be an old question so i apologise in advance, however i assume it will still get viewed.

I have created a tool called PyFilter, which aims to filter out all of the requests that are not legitimate to your server, and blocks them if too many are sent. It works by reading log files and checking if a failed request has came from the same IP address within a user configurable amount of time and adding rules to the firewall if too many attempts have been captured, much like fail2ban.

However PyFilter has the ability of cross server ban syncing. Cross server ban syncing allows IP addresses to be banned across multiple servers if this is enabled. For example if IP address X was banned on server Y, and server Z has ban syncing enabled it will blacklist that IP even if that IP has not met the required failed attempts on that server.

PyFilter site PyFilter github

Thks benrebla,

The problem is that this chinese stuff is quite resilient: they will keep trying different ips… how could I ban a hole country !?

I really don´t understand why Digital Ocean hasn´t some standard solution in place: this is becoming a major issue for lots of people…

Hello,

You can ban each IP listed by doing something similar to:

sudo fail2ban-client -vvv set JAIL banip WW.XX.YY.ZZ

Or perhaps UFW:

sudo ufw deny from {ip-address-here} to any

Hi Luis,

For me, fail2ban is the best option to do this job. There is an article explained how to install and configure on https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04.

Best regards, Alberto