Fail2Ban
What is Fail2Ban?
Fail2Ban is an intrusion prevention software framework that protects your server from brute-force attacks by monitoring logs and automatically banning suspicious IPs.
It works by scanning log files (e.g., SSH, FTP, Nginx, etc.), detecting failed login attempts or other suspicious activities, and then updating firewall rules to ban the offending IP addresses temporarily or permanently.
Installing Fail2Ban
To install Fail2Ban on your server via FlashPanel:
- Go to the Applications section of your server.
- Search for Fail2Ban.
- Click Install and wait for the process to complete.
Once installed, the service will start automatically.
Managing Fail2Ban
FlashPanel provides a dedicated interface to manage Fail2Ban:
General Controls
- Start / Stop / Restart the Fail2Ban service
- Uninstall the application
- View Configuration: Open
/etc/fail2banfiles directly - View Logs: Review
/var/log/fail2ban.log
Jail Management
- View a list of active Jails
- Check each jail's:
- Name
- Failed attempts
- Banned IPs
- Unban specific IP addresses
- Add/Edit/Remove custom jails
You can fine-tune jail settings for services like SSH, FTP, Postfix, Nginx, and more.