DigitalOcean

Report this

What is the reason for this report?
Question

Ban Brutte Force Attacks

Posted on November 25, 2016
Security
Logging
Ubuntu
luis920035

By luis920035

Hi to all, I´m new to Linux and I´m using some servers in Digital Ocean to learn.

I´m suffering continuous login attempts from Chinese IPs and I would like to ban all of them. Or at least ban anyone failing to log for several times in a short period of time.

What is the best way to do this? I readed about fail2ban but I would like to know what do you think before configuring.

Thks for your time.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Jason Hall
Jason Hall
November 20, 2017

This seems to be an old question so i apologise in advance, however i assume it will still get viewed.

I have created a tool called PyFilter, which aims to filter out all of the requests that are not legitimate to your server, and blocks them if too many are sent. It works by reading log files and checking if a failed request has came from the same IP address within a user configurable amount of time and adding rules to the firewall if too many attempts have been captured, much like fail2ban.

However PyFilter has the ability of cross server ban syncing. Cross server ban syncing allows IP addresses to be banned across multiple servers if this is enabled. For example if IP address X was banned on server Y, and server Z has ban syncing enabled it will blacklist that IP even if that IP has not met the required failed attempts on that server.

PyFilter site PyFilter github

0
Alberto Viana
Alberto Viana
November 25, 2016

Hi Luis,

For me, fail2ban is the best option to do this job. There is an article explained how to install and configure on https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04.

Best regards, Alberto

0
benrebla the man
benrebla the man
November 26, 2016

Hello,

You can ban each IP listed by doing something similar to:

sudo fail2ban-client -vvv set JAIL banip WW.XX.YY.ZZ

Or perhaps UFW:

sudo ufw deny from {ip-address-here} to any

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.