For over 20 years, I’ve been running public servers on the web. With the exception of the first year, the servers’ operating systems have always been Linux variants (Linux is 25 years old right now). Currently my server runs Ubuntu 12.04 LTS with Plesk as the server administration software. It’s a basic virtual server hosted by Host Europe.
As soon as I started to look at the log files, I realized that there’s a lot going on that I wouldn’t classify as “intended use” of my server. It’s a little like watching the security camera monitoring the front door of your house and seeing a steady stream of people trying to get in: sometimes by just pressing the door handle, sometimes by trying to run a giant battering ram into it. Some of them seem simply confused; nevertheless, their strategies might sometimes be successful: starting at the left edge of the house, they run into the wall, turn around and try the same thing one millimeter to the right, until they finally reach the right edge of the house.
A while ago, I decided to do something about it and installed and configured Fail2ban on my server. The areas I want to protect are logins via SSH, logins for sending and fetching email, FTP, DNS queries, and logins to Plesk and WordPress. There is never guaranteed 100% protection, but reducing server load, log file noise, and risk is worth a try.
Use a guide to learn how to harden your Ubuntu 12.04 LTS server, and read this post to learn how to install Fail2ban and do some basic configuration. The rest of this post explains how I configured Fail2ban on my server.