Forum
Wiki
Your Licenses
Dashboard
Support
Jobs
Hyatlas - ALL IN ONE ツ
Search
Search titles only
By:
Search titles only
By:
Hyatlas - ALL IN ONE ツ
Home
Hyatlas Team
Your Invoices
Search resources
Schematics
Maps
Survival Games
Bedwars
Skywars
Sky PVP
Skyblock
Prison Mines
Arenas
Spawns
Lobbies
Hubs
Waiting Lobbies
Components/Structure
Plugins
Graphics
Models
Templates
Photoshop
After Effects
Cinema 4D
Websites
Illustrator
Banner
Merchandising
Hosting
Dashboard
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Menu
Install the app
Install
Edit history
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
[LIST=1] [*]If you havn't already done so, download the program "[URL='https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html']PuTTY[/URL]". [*]Connect to your root server or VPS/vServer via SSH using [URL='https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html']PuTTY[/URL]. To do this, open [URL='https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html']PuTTY[/URL] and enter the domain or IP address of your server in the text box named "Host Name (or IP address)". Then click the "OK" button below. [*]Update your package lists with the command [COLOR=rgb(184, 49, 47)][U][B]apt update[/B][/U][/COLOR] [*]Now install any available updates of the packages already installed on your server using the command [COLOR=rgb(184, 49, 47)][B][U]apt upgrade -y[/U][/B][/COLOR] [*]Next, install the Nano editor, if it's not already installed, with the following command: [COLOR=rgb(184, 49, 47)][U][B]apt install nano -y[/B][/U][/COLOR] [*]Then install Fail2Ban and other required packages with the following command: [COLOR=rgb(184, 49, 47)][U][B]apt install fail2ban -y[/B][/U][/COLOR] [*]The configuration files of Fail2Ban are located in the directory "/etc/fail2ban/". The global configuration file is the file called "jail.conf", but it's overwritten when you update Fail2Ban. Therefore, the configuration must be done in the "jail.local" file. Copy the file "jail.conf" with the command [COLOR=rgb(184, 49, 47)][B][U]cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local[/U][/B][/COLOR] [*]Now open this configuration file by executing the command [COLOR=rgb(184, 49, 47)][B][U]nano /etc/fail2ban/jail.local[/U][/B][/COLOR] [*]Fail2Ban can be used to secure the SSH service as well as other services. Within the "[B]MISCELLANEOUS OPTIONS[/B]" (starting at line 44) you can globally define after how many failed login attempts an IP address should be banned and also how long this ban should last. However, you can override these values individually for each service - e.g. for the SSH service in the "[B]SSH servers[/B]" section (starting at line 235). [*]The "[B]bantime[/B]" is the number of seconds that an IP address will be banned. The default is 10 minutes ("10m"). It's recommended to set this value to one hour ("1h"). [*]The "[B]findtime[/B]" parameter allows you to specify the period of time in which the amount of failed logins defined by the "[B]maxretry[/B]" parameter must occur so that an IP address is banned. By default, the value for the "[B]findtime[/B]" is 10 minutes ("10m") and "[B]maxretry[/B]" is set to 5. This means that an IP address will be banned if 5 failed login attempts are made within 10 minutes. These values can be left unchanged. [*]By default, the Fail2Ban protection is disabled for all services, so you have to enable it for the SSH service. To do this, go to the "[B]SSH servers[/B]" section starting at line 235 of this configuration file and add the line "[B]enabled = true[/B]" to the SSH service settings ("[B][sshd][/B]"). [*][B]Note:[/B] On Debian, the Fail2Ban protection for your SSH service is the only one that's already enabled because of the file "[B]/etc/fail2ban/jail.d/defaults-debian.conf[/B]", but you can set the "enabled" parameter in your "jail.local" file to "true" anyway. [*]Save your changes to the configuration by pressing CTRL + X, then hit the "Y" key followed by enter. [*]Finally, restart Fail2Ban using the command [COLOR=rgb(184, 49, 47)][B][U]systemctl restart fail2ban[/U][/B][/COLOR] to apply your changes. Now Fail2Ban is ready to use and your SSH server is protected against brute force attacks. [*]In the log file of Fail2Ban at "/var/log/fail2ban.log" you can see what actions have been taken by Fail2Ban (e.g. banning an IP address). You can open this file with the Nano editor (nano /var/log/fail2ban.log). [*]You can also use Fail2Ban to manually ban or unban IP addresses for the SSH server. Use the command [COLOR=rgb(184, 49, 47)][B][U]fail2ban-client set sshd banip 123.123.123.123[/U][/B][/COLOR] to ban an IP address and [COLOR=rgb(184, 49, 47)][U][B]fail2ban-client set sshd unbanip 123.123.123.123[/B][/U][/COLOR] to unban it. Instead of "123.123.123.123" you need to specify the IP address you want to ban or unban. [/LIST]
Revert