what is fail2ban?

[lookatmego]

hey there,the past 2 days i have been getting emails from someone called fail2ban with information about my vps...any idea what that is?or who that is?and is this a security breach?

[suwunk]

fail2ban automatically monitors logs and blocks IP addresses doing brute force attacks, One indication of whether anyone is taking undue interest in a system is to keep an eye on failed login attempts.

Fail2Ban scans log files like /var/log/pwdfail and bans IP
that makes too many password failures. It updates firewall
rules to reject the IP address. These rules can be defined by
the user. Fail2Ban can read multiple log files such as sshd
or Apache web server ones.

README - Fail2ban

[lookatmego]

well then im getting attacked hard..ive got 5 emails in past 2 days...help?

[suwunk]

Identify IP addresses that regularly trigger Fail2Ban - so that you can send a report to their ISP or block them using a firewall

You can always add a rule to iptables using the command line to block a particular IP address or block of addresses:

Code:

iptables -A INPUT -p tcp -s <host> --dport <port> -j REJECT --reject-with tcp-reset

Or you could set up a Fail2Ban rule to monitor it's own logfile and block repeat offenders for a longer time period.