Fail2Ban Not Automatically Ban IP After Several Failed Login Attempts

Question

I have set up a droplet running on Ubuntu 18.04. Everything including my websites on WordPress is working perfectly. But as I read on many blogs regarding hardening server security, then, I tried to install Fail2Ban. Installation is successful and jail is created. But when I tried to enter the wrong password, it does not ban my IP. I have tried all tutorials below but still cannot automatically ban my IP on failed SSH login attempts. Is there somewhere I missed which makes me unable to automatically ban my IP?

Tutorial followed.
https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04
https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04
https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04

Below is additional info if it helps.
Webserver: Openlitespeed.
Firewall: DigitalOcean Firewall & UFW.
DNS: Cloudflare.
SSH Connection: Putty.
SSH Login: Using key pairs.
SSH Password login: Disabled.
Root login: Disabled.

Answer 1

bobbyiliev October 24, 2020

Hi there @shahahmadyusof,

What I could suggest is to make sure you restart fail2ban after making any configuration changes

Also make sure findtime isn’t set too low.

Another thing that I could suggest is to try and trigger a few unsuccessful SSH attempts from a different IP besides your main one.

Let me know how it goes!
Regards,
Bobby

Reply Report

shahahmadyusof October 25, 2020

Hi @bobbyiliev ,

Thank you for your reply. I did restart Fai2Ban after making any changes. But, I still unable to unban my IP after a few failed attempts. And currently, my FindTime is set to 3600. Is that a good value? Is there anywhere else I should look into?

I’m a total beginner and as far as I understand, Fail2Ban is used to prevent unauthorized SSH logins. Can I block my SSH port (22) in the firewall as a temporary alternative method and only open it whenever I need it. This is because I’m the only one who going to access SSH in this server.
Reply Report
- bobbyiliev October 26, 2020
  
  Hi there @shahahmadyusof,
  
  Yes indeed it is an alternative option to close port 22 and only allow your IP addresses.
  
  If you don’t already have a firewall installed, you could for example use a firewall like CSF to do so. You can take a look at this tutorial on how to install and configure CSF:
  
  https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu
  
  Hope that this helps!
  Regards,
  Bobby
  
  How To Install and Configure Config Server Firewall (CSF) on Ubuntu
  by Lassi Ruonavaara
  Config Server Firewall (CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. Learn how to install and configure on Ubuntu.
  
  Reply Report

Answer 2

shahahmadyusof October 25, 2020

Hi @bobbyiliev ,

Thank you for your reply. I did restart Fai2Ban after making any changes. But, I still unable to unban my IP after a few failed attempts. And currently, my FindTime is set to 3600. Is that a good value? Is there anywhere else I should look into?

I’m a total beginner and as far as I understand, Fail2Ban is used to prevent unauthorized SSH logins. Can I block my SSH port (22) in the firewall as a temporary alternative method and only open it whenever I need it. This is because I’m the only one who going to access SSH in this server.
Reply Report
- bobbyiliev October 26, 2020
  
  Hi there @shahahmadyusof,
  
  Yes indeed it is an alternative option to close port 22 and only allow your IP addresses.
  
  If you don’t already have a firewall installed, you could for example use a firewall like CSF to do so. You can take a look at this tutorial on how to install and configure CSF:
  
  https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu
  
  Hope that this helps!
  Regards,
  Bobby
  
  How To Install and Configure Config Server Firewall (CSF) on Ubuntu
  by Lassi Ruonavaara
  Config Server Firewall (CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. Learn how to install and configure on Ubuntu.
  
  Reply Report

Related

Question

Fail2Ban Not Automatically Ban IP After Several Failed Login Attempts

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Fail2Ban Not Automatically Ban IP After Several Failed Login Attempts

Leave a comment

Related

question

How did my database got hacked ?

question

Connect to DB installed into dedicated VPS (private networking)

question

Running a web-based video game on a droplet

question

How to create team without Credit Card?

Looking for something else?