always in the wrong with Fail2Ban



please just keep blaming me, okay.. haha.. actually this method is pretty solid, but there's no need to set it up for ssh, since for ssh a private key alone is enough..

Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured.

so, the official website itself already explains that fail2ban is only a complement.. but to me it's important, just like you. haha. fail2ban blocks the IP behind failed login attempts for a while.. ever heard of brute force??

okay, enough chatter, let's goooooo… as usual, on linux, hehe..

open a terminal and become root..

sudo su

install fail2ban..

apt install fail2ban

start and enable fail2ban..

systemctl start fail2ban
systemctl enable fail2ban

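copy the configuration files.. (the jail settings edited below live in jail.local, so copy jail.conf too)

cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local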

so, since I want to try it on ftp.. first install proftpd, then edit the fail2ban configuration file and enable its ftp rules..

apt install proftpd
systemctl start proftpd
systemctl enable proftpd
nano /etc/fail2ban/jail.local

something like this will show up…

# Fail2Ban main configuration file
#
# Comments: use '#' for comment lines and ';' (following a space) for inline co$
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in fail2ban.local file, e.g.:
#
# [Definition]
# loglevel = DEBUG
#

edit it to look like this.. first edit the [DEFAULT] section.. after that change the [proftpd] one..

# "bantime" is the number of seconds that a host is banned.
bantime = 600000

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 10m

# "maxretry" is the number of failures before a host get banned.
maxretry = 2
--------------------------------
[proftpd]

enabled = true
port = ftp,ftp-data,ftps,ftps-data

filter = proftpd
logpath = /var/log/proftpd/proftpd.log

in short, once (maxretry) is reached, 2 wrong username/password entries, the server blocks the host right away for roughly (600k) 7 days.. haha okay, now let's test.. make sure ftp and fail2ban are already running..

service proftpd status
service fail2ban status

then try connecting to ftp 2x with a wrong username and check the log..

nano /var/log/fail2ban.log
2020-04-02 11:49:47,863 fail2ban.filter [24893]: INFO [proftpd] Found 192.168.43.242 - 2020-04-02 11:49:47
2020-04-02 11:49:48,499 fail2ban.actions [24893]: NOTICE [proftpd] 192.168.43.242 already banned
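
An added example (not part of the original post): instead of scrolling the log in nano, this summarises fail2ban.log per jail and IP and flags hosts that reached maxretry without a Ban line. The helper name `f2b_summary` is hypothetical, and the sample log lines are constructed in the same format as the excerpt above.

```shell
# Constructed sample in the format of the fail2ban.log excerpt above
# (documentation IP ranges, not taken from the post).
sample_log() {
cat <<'EOF'
2020-04-02 11:49:40,101 fail2ban.filter [24893]: INFO [proftpd] Found 203.0.113.7 - 2020-04-02 11:49:40
2020-04-02 11:49:47,863 fail2ban.filter [24893]: INFO [proftpd] Found 203.0.113.7 - 2020-04-02 11:49:47
2020-04-02 11:49:48,120 fail2ban.actions [24893]: NOTICE [proftpd] Ban 203.0.113.7
2020-04-02 11:49:48,499 fail2ban.actions [24893]: NOTICE [proftpd] 203.0.113.7 already banned
2020-04-02 11:52:03,310 fail2ban.filter [24893]: INFO [proftpd] Found 198.51.100.23 - 2020-04-02 11:52:03
2020-04-02 12:10:15,007 fail2ban.filter [24893]: INFO [proftpd] Found 192.0.2.44 - 2020-04-02 12:10:15
2020-04-02 12:10:19,554 fail2ban.filter [24893]: INFO [proftpd] Found 192.0.2.44 - 2020-04-02 12:10:19
EOF
}

# f2b_summary MAXRETRY   (hypothetical helper; reads a fail2ban.log on stdin)
# Prints one line per jail and IP: "[jail] ip found=N bans=N state"
#   banned   = a Ban line was logged for that IP
#   watching = fewer than MAXRETRY failures seen so far
#   CHECK    = MAXRETRY failures logged but no Ban (for example they were
#              spread over more than findtime, or the ban never fired)
f2b_summary() {
  awk -v max="$1" '
    # Whitespace-split fields: $3 = component, $6 = [jail], $7 = event, $8 = IP
    $3 == "fail2ban.filter"  && $7 == "Found" { found[$6 " " $8]++ }
    $3 == "fail2ban.actions" && $7 == "Ban"   { bans[$6 " " $8]++; found[$6 " " $8] += 0 }
    END {
      for (k in found) {
        state = "watching"
        if (bans[k] > 0) state = "banned"
        else if (found[k] >= max) state = "CHECK"
        printf "%s found=%d bans=%d %s\n", k, found[k], bans[k], state
      }
    }
  ' | LC_ALL=C sort
}

# 2 = the maxretry value set in jail.local above
sample_log | f2b_summary 2
```

On a real server, run it as `f2b_summary 2 < /var/log/fail2ban.log`; any CHECK line is a host worth looking at before trusting the jail.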

okay, fail2ban can also be used for wordpress, webmin, drupal, lots of things really.. you just need to look in its configuration file..

nano /etc/fail2ban/jail.conf

okay, if you have any questions just WhatsApp me.. bye..


Bima Sena
