How to use the Fail2ban tool to prevent brute force attempts-Linux Operation and Maintenance-php.cn

Home

Operation and Maintenance

Linux Operation and Maintenance

How to use the Fail2ban tool to prevent brute force attempts

王林

Jul 08, 2023 pm 07:15 PM

Brute force cracking protection failban

How to use the Fail2ban tool to prevent brute force attempts

Introduction: The popularity of the Internet has made network security issues a very important topic. Among them, brute force attempts are one of the common security threats. In order to effectively prevent brute force cracking behavior, we can use the Fail2ban tool to help us implement protective measures. This article will describe how to use the Fail2ban tool to prevent brute force attempts and provide some code examples.

1. Introduction to the Fail2ban tool

Fail2ban is an open source firewall tool that is specially used to monitor system logs and configure rules to detect and block IP addresses with malicious intentions. It can automatically monitor the system's log files, and when it detects frequent failed login attempts, it will temporarily prohibit access to the IP address to prevent brute force cracking.

2. Install Fail2ban

Before we begin, we first need to install the Fail2ban tool. On most Linux distributions, it can be installed through the package manager:

sudo apt-get install fail2ban

Copy after login

3. Configure Fail2ban

Create the configuration file

In the configuration Before Fail2ban, we need to create a new configuration file. Run the following command in the terminal:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Copy after login

This will copy the default Fail2ban configuration file to a new file.

Edit configuration file

Open the newly created configuration file /etc/fail2ban/jail.local and edit it as needed. The following are some common configuration items:

ignoreip: Ignore certain IP addresses and do not detect and block them. For example: ignoreip = 127.0.0.1/8
bantime: ban time in seconds. The default is 600 seconds. For example: bantime = 3600
maxretry: Maximum number of retries. If the number of consecutive failures for an IP address exceeds this value within a certain period of time, the IP address will be banned. For example: maxretry = 5
destemail: When an IP address is banned, the target email address for sending an email notification. For example: destemail = admin@example.com
action: The action that triggers the ban operation. It can be sending an email notification (admin), adding it to the firewall (RBLOCK), etc. For example: action = %(action_mwl)s

The following is a sample configuration:

[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 3600
maxretry = 5
destemail = admin@example.com
action = %(action_mwl)s

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s

Copy after login

In this sample configuration, we ignore the local IP address and set the ban time to 1 hour, the maximum number of retries is 5. When an IP address is banned, an email notification will be sent to admin@example.com, and the IP address will also be added to the firewall rules.

Save and close the file

After completing the configuration, save and close the file.

4. Start Fail2ban

After the configuration is completed, we need to start the Fail2ban service to make it effective. Run the following command in the terminal:

sudo systemctl start fail2ban

Copy after login

In addition, you can also set Fail2ban to start automatically at boot, which ensures that it runs automatically when the system starts:

sudo systemctl enable fail2ban

Copy after login

5. Test Fail2ban

Finally, we can run some tests to verify that the Fail2ban tool is working properly.

Try brute force cracking

In order to test the protection capabilities of Fail2ban, we can try to log in to the server using a wrong password. You can use the ssh command to test:

ssh username@your_server_ip

Copy after login

After trying multiple times, Fail2ban should automatically detect these failed attempts and ban the corresponding IP address.

Check the ban log

To see which IP addresses have been banned, you can run the following command:

sudo fail2ban-client status

Copy after login

This will display the currently banned IP addresses list.

Conclusion:

By using the Fail2ban tool, we can effectively prevent brute force attempts. With the help of Fail2ban's configuration rules, we can automatically monitor the system's log files and block malicious IP addresses for frequent failed login attempts. This can greatly improve the security of the system and protect the security of the server and user data.

Reference link:

[Fail2ban official website](https://www.fail2ban.org/)
[Fail2ban GitHub repository](https:/ /github.com/fail2ban/fail2ban)

The above is the detailed content of How to use the Fail2ban tool to prevent brute force attempts. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Best Graphic Settings

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

2 weeks ago By DDD

R.E.P.O. How to Fix Audio if You Can't Hear Anyone

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

WWE 2K25: How To Unlock Everything In MyRise

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7467

CakePHP Tutorial

1376

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

Related knowledge

PHP security protection: Prevent malicious BOT attacks Jun 24, 2023 am 08:19 AM

With the rapid development of the Internet, the number and frequency of cyber attacks are also increasing. Among them, malicious BOT attack is a very common method of network attack. It obtains website background login information by exploiting vulnerabilities or weak passwords, and then performs malicious operations on the website, such as tampering with data, implanting advertisements, etc. Therefore, for websites developed using PHP language, it is very important to strengthen security protection measures, especially in preventing malicious BOT attacks. 1. Strengthen password security. Password security is to prevent malicious BOT attacks.

How to use Lua to protect against web security vulnerabilities in Nginx Jun 10, 2023 pm 04:33 PM

In today's network environment, web security vulnerabilities have become a threat to all websites and applications. They can lead to data breaches, user information exposure, malware installation, and other catastrophic consequences. Therefore, it is very important to prevent and guard against web security vulnerabilities in Internet applications. Nginx is an open source, high-performance web server that is widely used in various websites on the Internet. This article will introduce how to use Lua in Nginx to protect against web security vulnerabilities. 1. What is LuaLua is a lightweight

PHP form security protection: prevent forged HTTP requests Jun 24, 2023 pm 01:18 PM

As a popular web development language, PHP is widely used in various applications. However, as hackers and hacking techniques continue to evolve, many developers have discovered that their PHP applications are vulnerable to forged HTTP requests. This kind of attack may lead to leakage of users' sensitive information, session hijacking and other issues. To protect PHP forms from such attacks, developers need to take some basic security precautions. Verifying the HTTP Request Origin First, developers should verify that the HTTP request for form data is

Simple and Easy: Steps to Turn Off Windows Security Center Threat Protection Mar 27, 2024 pm 12:18 PM

Turning off the threat protection function of Windows Security Center is not a routine operation, but sometimes we may need to do it. For example, when installing certain software, this function may interfere with the normal operation of the software. Here are the specific steps to turn off the threat protection function of Windows Security Center. First, open the Windows Security Center. You can open the program by searching for "Windows Security Center" in the Start menu, or you can find and click Windows Security in the system tray

How to use PHP forms to prevent iframe hijacking attacks Jun 24, 2023 am 11:13 AM

With the popularity of the Internet, network security issues have become increasingly prominent. Among them, iframe hijacking attack is a common means of network attack. This attack method mainly loads the attacker's malicious page by embedding iframe tags in the Web page, thereby achieving the purpose of controlling the user's browser. In order to prevent iframe hijacking attacks, this article will introduce how to use PHP forms to implement security prevention. Detection environment In PHP development, use the following code to detect whether you are currently in an iframe environment: if(i

Things to note when developing ThinkPHP: Preventing SQL injection attacks Nov 22, 2023 pm 07:23 PM

ThinkPHP is a commonly used PHP development framework with powerful functions and flexible development methods. However, during use, we need to pay attention to preventing SQL injection attacks. SQL injection attack refers to an attack method that inserts malicious SQL statements into user-entered data to tamper with database operations or obtain sensitive information. This article will introduce some precautions to prevent SQL injection attacks. Use prepared statements: Prepared statements can effectively prevent SQL injection attacks. In ThinkPHP, I

The practical application of Redis in security reinforcement and protection May 10, 2023 pm 11:01 PM

Redis is an open source in-memory database. Due to its high performance, scalability and ease of use, it is increasingly favored by developers in practical applications. However, when using Redis, due to its large number of configuration options and powerful command set, if security is not hardened, you may face various security threats and attack risks. This article will focus on the practical application of Redis in security reinforcement and protection. 1. Common Redis attack methods When applying Redis, in order to protect the Redis instance from attacks and illegal operations

PHP security protection: prohibit harmful file uploads Jun 24, 2023 am 10:42 AM

With the continuous development of Internet technology, more and more websites use PHP as the backend development language. However, due to developers' neglect of PHP security protection measures, many websites have file upload vulnerabilities, which gives hackers an opportunity to take advantage of them. This article will introduce the principles of PHP file upload vulnerabilities and how to implement security protection. 1. Principle of File Upload Vulnerability File upload vulnerability refers to an attack method in which hackers upload malicious files to execute malicious code on the target server. Uploading vulnerabilities is usually caused by developers designing files

See all articles