Fail2Ban is an advanced security tool integrated into ServerAvatar that helps protect your server against brute-force attacks and unauthorized access attempts. With Fail2Ban, you can automatically block malicious IP addresses from accessing critical services, such as SSH, reducing the risk of potential security breaches.
If you want to enable fail2ban in ServerAvatar, follow the steps given below:
Step 1: First, log in to the ServerAvatar Account.
Step 2: Click on the Server Dashboard button.
Step 3: Now, you will see the option Fail2ban on the left-hand sidebar of the Server Panel. Click on Fail2ban.
Step 4: Toggle the switch to enable Fail2Ban on your server.
Customizing Fail2Ban Settings
After enabling Fail2Ban, you can customize its settings using the following parameters:
Here you have to fill-
- Ban Time: The "Ban Time" specifies the duration (in minutes or hours) an IP address remains blocked after exceeding the maximum allowed login attempts. During this time, the offending IP is prevented from accessing your server, enhancing its defenses.
- Find Time: The "Find Time" denotes the observation window (in minutes or hours) during which Fail2Ban monitors login attempts. If the number of login tries from a single IP surpasses the "Max Retry" value within this timeframe, Fail2Ban takes swift action to safeguard your server.
- Max Retry: "Max Retry" defines the maximum permissible login attempts from a single IP address within the specified "Find Time." Once this threshold is exceeded, Fail2Ban automatically imposes a ban to deter potential security breaches.
Managing Ban and Ignore IP Addresses
Fail2Ban provides a simple table with two tabs - "Ban IPs" and "Ignore IPs" - to help you manage IP addresses effectively.
The "Ban IP" tab displays a table containing IP addresses that are currently ban from accessing your server. You have the option to remove a ban by clicking the "Delete" button next to the respective IP address.
The "Ignore IP" tab displays a table containing IP addresses that are explicitly ignore by Fail2Ban. Ignore IPs will not be banned, regardless of their login attempts. You can remove an IP from the ignore list by clicking the "Delete" button next to the respective IP address.
Adding IP Addresses for Ban or Ignore
You can add IP addresses to the Ban or Ignore lists using the "Add" button. Clicking the "Add" button will open a form in a modal where you can specify the IP address. Submit the form to add the IP to the respective list.