Ban Brutte Force Attacks

November 25, 2016 114 views
Logging Security Ubuntu

Hi to all, I´m new to Linux and I´m using some servers in Digital Ocean to learn.

I´m suffering continuous login attempts from Chinese IPs and I would like to ban all of them. Or at least ban anyone failing to log for several times in a short period of time.

What is the best way to do this? I readed about fail2ban but I would like to know what do you think before configuring.

Thks for your time.

3 Answers

Hi Luis,

For me, fail2ban is the best option to do this job. There is an article explained how to install and configure on https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04.

Best regards,
Alberto

Hello,

You can ban each IP listed by doing something similar to:

sudo fail2ban-client -vvv set JAIL banip WW.XX.YY.ZZ

Or perhaps UFW:

sudo ufw deny from {ip-address-here} to any

Thks benrebla,

The problem is that this chinese stuff is quite resilient: they will keep trying different ips... how could I ban a hole country !?

I really don´t understand why Digital Ocean hasn´t some standard solution in place: this is becoming a major issue for lots of people...

Have another answer? Share your knowledge.