UpCloud
Effortless global cloud infrastructure for SMBs
Introducing
If you’re interested in what we have to offer, contact sales or fill out a contact form.
Our support live chat is available for our customers 24/7. You can also email our support team.
Send us an email to give feedback or to say hello.
Start a new journey
Why Partner with UpCloud?
I’ve been passionate about the hosting industry since 2001. Before founding UpCloud, my first company grew to become one of Finland’s largest shared web hosting providers, serving over 30,000 customers. Along the way, I faced the same challenges many of you know well—24/7 on-call responsibilities, solving technical issues, and managing customer inquiries.
At UpCloud, we’ve designed a platform that solves these challenges, offering reliability, scalability, and unparalleled support. We understand the pressures you face because we’ve been there too. Partner with us, and let’s help you focus on growing your business while we handle the rest.
Sincerely, Joel Pihlajamaa CTO, Founder
Login
Sign up
Updated on 22.4.2025
Fail2ban is an intrusion prevention framework which works together with a packet-control system or firewall installed on your server and is commonly used to block connection attempts after several failed tries.
It operates by monitoring log files for certain types of entries and runs predetermined actions based on its findings. Since Fail2ban is not available directly from CentOS, you need to install EPEL first before you can install Fail2ban. EPEL contains additional packages for Enterprise Linux, including CentOS.
sudo yum install epel-release
sudo yum install fail2ban
Once installed, copy the default jail.conf file to make a local configuration with this command
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Then open the new local configuration file for edit with your favourite text editor, for example
sudo vi /etc/fail2ban/jail.local
Scroll down to go through some of the settings available in the configuration file.
First up are the basic defaults for ignoreip, which allows you to exclude certain IP addresses from being banned, for example, if your computer has a fixed IP you can enter it here. Next set the bantime which determines how long an offending host will remain blocked until automatically unblocked. Lastly check the findtime and maxretry counts, of which the find time sets the time window for the max retry attempts before the host IP attempting to connect is blocked.
[DEFAULT] ignoreip = 127.0.0.1/8 ::1 bantime = 10m findtime = 10m maxretry = 5
If you have a sendmail service configured on your cloud server, you can enable the email notifications from Fail2ban by entering your email address into the parameter destemail and changing the action = %(action_)s to action = %(action_mw)s.
Once you’ve done the basic configurations, check the different jails available in the configuration options. Jails are the rules which fail2ban applies to any given application or log file.
SSH jail settings, which you can find at the top of the jails list, are disabled by default. You should turn them on by adding enabled = true in the SSH jail section.
[sshd] enabled = true
You can enable any other jail modules in the same fashion by adding the same line just below any jail header like [sshd] in this example above.
When you’ve enabled all the jails you wish, save the configuration file and exit the editor. Then you’ll need to restart the monitor with the following command
sudo systemctl restart fail2ban
With that done, you should now check your iptable rules for the newly added jail sections on each of the application modules you enabled.
sudo iptables -L
Any banned IP addresses will appear in the specific chains where the failed login attempts occurred at. You can also manually ban and unban IP addresses from the services you defined jails for with the following commands.
sudo fail2ban-client set <jail> banip/unbanip <ip address> # For example sudo fail2ban-client set sshd unbanip 83.136.253.43
Fail2ban is a handy addition to a firewall access control in general, feel free to experiment with the configuration and don’t worry if you get your IP address banned, you can always log in through the web Console at your UpCloud Control Panel to unban yourself afterwards.
Join discussion
26.11.2018 at 12.58
I was going to ask how one goes about testing this works and emails are sent, however after being installed and running for less than 5 minutes I got emails saying:
The IP 116.31.116.52 has just been banned by Fail2Ban after 51 attempts against sshd. The IP 212.237.46.220 has just been banned by Fail2Ban after 5 attempts against sshd.
You can always rely on the internet to help test hacking attempts.
Good article, thanks.
27.8.2022 at 15.55
|- Currently banned: 32 |- Total banned: 81 `- Banned IP list: 51.250.99.139 212.14.227.134 124.205.7.227 193.106.191.157 61.177.173.46 61.177.173.48 165.22.106.178 143.198.60.41 180.228.243.235 68.183.19.124 104.131.13.185 61.177.173.36 77.24.124.41 61.177.172.184 43.154.42.151 191.242.105.133 114.92.195.10 61.177.173.51 61.177.173.50 2.234.152.80 27.254.149.199 109.167.197.20 20.122.67.76 128.199.87.28 130.162.135.31 61.177.172.114 64.227.34.196 91.121.134.162 201.236.101.194 51.250.85.165 38.88.127.14 190.119.187.173
10 minutes after config done…
Your email address will not be published. Required fields are marked *
Comment *
Name *
Email *
Website
Save my name, email, and website in this browser for the next time I comment.
Δ
See all tutorials