In this article, we explain how to install fail2ban and configure it to monitor logs and protect Apache from malicious authentication failure attempts.
Source: Setting Up Fail2ban to Protect Apache From DDOS Attack (Make Tech Easier)
While this series is intended specifically for Raspberry Pi users, anyone new to Linux who would like to know how to secure their system would likely benefit from reading these articles from “The Unwritten Words”:
Raspberry Pi: Initial Setup (Security – Part I)
Raspberry Pi: iptables (Security – Part II)
Raspberry Pi: fail2ban (Security – Part III)
Having a server or computer connected to a network comes with a certain amount of risk. Any machine, including a VPS, connected to the internet is a potential target for malicious attacks.
While having a well-configured firewall will prevent many kinds of illegitimate access, you still need to open up certain services to allow yourself the ability to log in and administer the server. SSH is the service most commonly used to log into remote systems, and so it also is one of the most frequently targeted.
Fortunately, there is a tool available that can mitigate this attack vector, called fail2ban. This can be configured to allow legitimate logins using SSH, but ban IP addresses after they have failed to authenticate correctly after a set number of times.
Full article here:
How To Protect SSH with fail2ban on Debian 7 (DigitalOcean)
Around 2 years ago I wrote an article about fail2ban.
Fail2ban is an intrusion prevention framework written in the Python programming language. It is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally (such as iptables or TCP Wrapper).
Fail2ban’s main function is to block selected IP addresses that may belong to hosts that are trying to breach the system’s security. It determines the hosts to be blocked by monitoring log files (e.g. /var/log/pwdfail, /var/log/auth.log, etc.) and bans any host IP that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator.
Today I want to show you some configurations that you can use to improve the security of your Apache.
Read the rest here:
How to protect Apache with Fail2ban (Linuxaria)
This article was originally published in November, 2010.
I’m not entirely certain of the original source of this article — I found it on one site, but a quick search reveals that the original source is most likely this site, but I may be wrong. The author of that article says he took some of the info in that article (looks like more than “some” from where I sit) from this article: How to: Linux Iptables block common attacks
Related articles found on that site are Using iptables to secure a Linux based Asterisk installation against hack attempts and Securing Asterisk – Fail2Ban (and that latter article looks suspiciously similar to this one: Fail2Ban (with iptables) And Asterisk).
I don’t know how valid or useful any of this is, but if you are running iptables on your system (if you’re not sure enter iptables -V on the command line — it should show you the version of iptables that is installed, if it is installed) then you might want to check these articles out. And if you find an earlier source for any of these, let me know and I’ll include the links. I know that in the technical community sometimes information gets copied around, but would it kill you guys to give attribution and a link to the original source when you are lifting information (or even raw text) from someone else’s article?