🛡 How to Set Up Fail2Ban on a VPS
Fail2Ban is a powerful tool that protects your VPS from brute-force attacks via SSH, FTP, mail, and web services. It blocks IP addresses that show suspicious login behavior.
📦 Installing Fail2Ban
For most systems, install with one command:
sudo apt install fail2ban
For CentOS/AlmaLinux:
sudo dnf install fail2ban
⚙️ Basic Configuration
Create a config file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit it with:
sudo nano /etc/fail2ban/jail.local
Recommended parameters:
- 📌 bantime =
3600
— how long the IP is banned (in seconds) - 📌 findtime =
600
— time window for failed attempts - 📌 maxretry =
3
— number of attempts before banning
🔐 SSH Protection
Make sure the [sshd]
section is enabled (enabled = true
).
🚀 Start and Enable Fail2Ban
sudo systemctl enable fail2ban sudo systemctl start fail2ban
🔎 Check Status
sudo fail2ban-client status sudo fail2ban-client status sshd
👍 Bit.Hosting Recommendations
- ⚠️ Don’t block your own IP — add it to
ignoreip
; - ✅ Install Fail2Ban right after deploying your server;
- 🔁 Regularly review logs at
/var/log/fail2ban.log
.
❓ Need help securing your server? Contact Bit.Hosting support — we’ll handle it for you!