Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work. Learn more →
Fail2Ban Alternatives
Similar projects and alternatives to Fail2Ban
-
crowdsec
CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
-
-
Sonar
Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
-
Nginx Proxy Manager
Docker container for managing Nginx proxy hosts with a simple, powerful interface
-
-
OSSEC
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
-
-
-
InfluxDB
Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.
-
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
-
-
-
docker-swag
Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
-
Login-Shield
Your first line of defense against Internet bots, hacks and probes. Login-Shield is a small set of bash scripts that implements an iptables/ipset blocklist of known sources of hack activity. Works great as a compliment with/without fail2ban. Statistics have shown it blocks 90+% of most system probes and attacks on login ports.
-
SpamAssassin
Read-only mirror of Apache SpamAssassin. Submit patches to https://bz.apache.org/SpamAssassin/. Do not send pull requests
-
-
-
masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
-
-
-
Phusion Passenger
A fast and robust web server and application server for Ruby, Python and Node.js
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Fail2Ban reviews and mentions
-
Configuring Fail2ban for Traefik Reverse Proxy
I've played a bit with Traefik as reverse proxy and wanted to implement fail2ban for it, after switching from Nginx Proxy Manager. It finally works and successfully bans threat actors that conduct malicous HTTP requests. As soon as a multitude of HTTP errors are detected by fail2ban in Traefik's JSON access logs, the attacker's IP address is banned. I am using a dockerized fail2ban container and ban locally via iptables as well as optionally on Cloudflare, using Cloudflare's API. A ban notification via Telegram can also be configured.
- SSHGuard
-
About the roadmap...
However I do not merely rely on this trust. I monitor my systems aggressively. I implement additional security measures to mitigate my exposure and liability. There are systems like fail2ban and login-shield that I use as additional layers (and have audited the code - these systems are a lot simpler than Linux - it's unrealistic for anybody to actually fully-audit the Linux kernel).
- Fail2Ban Release 1.0.1 (2022/09/27)
-
How to access Docker containers on home server from public IP?
You need to setup reverse proxy. nginx-proxy-manager, swag. There are also more options like caddy, haproxy etc... You can also setup a VPN and or a service like authelia, fail2ban, crowdsec to restrict access to your site.
-
Newbie help...docker, portainer, godaddy
You need to look into reverse proxy. Most common one is nginx-proxy-manager which has a nice GUI. There is also SWAG. Both can been configured to get free SSL certificates. For security: authelia, fail2ban, crowdsec. I also suggest to configure wireguard, wg-easy. If you have any questions, we are here. Welcome and good luck!
-
PSA: Guys, don't expose RDP, there is even public automated tools for bruteforce (at least change port + enable Lock out, ideally Guacamole)
This is the fail2ban I'm talking about. https://github.com/fail2ban/fail2ban/wiki It basically add IPs to a list of blocked IPs if the SSH login fails too many times. I later switched to public/private key for ssh auth but I never turned off fail2ban while I had the server running.
-
fail2ban log says "banned" but IP still able to connect
# actionflush = -F f2b- [Init] # Option: chain # Notes specifies the iptables chain to which the Fail2Ban rules should be # added # Values: STRING Default: INPUT chain = INPUT # Default name of the chain # name = default # Option: port # Notes.: specifies port to monitor # Values: [ NUM | STRING ] Default: ## port = ssh # Option: protocol # Notes.: internally used by config reader for interpolations. # Values: [ tcp | udp | icmp | all ] Default: tcp # protocol = tcp # Option: blocktype # Note: This is what the action does with rules. This can be any jump target # as per the iptables man page (section 8). Common values are DROP # REJECT, REJECT --reject-with icmp-port-unreachable # Values: STRING blocktype = BLOCK # Option: returntype # Note: This is the default rule on "actionstart". This should be RETURN # in all (blocking) actions, except REJECT in allowing actions.# Values: STRING returntype = RETURN # Option: lockingopt # Notes.: Option was introduced to iptables to prevent multiple instances from # running concurrently and causing irratic behavior. -w was introduced # in iptables 1.4.20, so might be absent on older systems # See https://github.com/fail2ban/fail2ban/issues/1122 # Values: STRING lockingopt = -w # Option: iptables # Notes.: Actual command to be executed, including common to all calls options # Values: STRING iptables = iptables [Init?family=inet6] # Option: blocktype (ipv6) # Note: This is what the action does with rules. This can be any jump target # as per the iptables man page (section 8). Common values are DROP # REJECT, REJECT --reject-with icmp6-port-unreachable # Values: STRING blocktype = REJECT --reject-with icmp6-port-unreachable # Option: iptables (ipv6) # Notes.: Actual command to be executed, including common to all calls options # Values: STRING iptables = ip6tables
-
fail2ban with Cloudflare Proxy
Use the builtin fail2ban's cloudflare plugin (https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.conf)
-
Was my raspberry hacked?
If you are worried about hacking attempts, installing fail2ban will help.
-
A note from our sponsor - Sonar
www.sonarsource.com | 2 Feb 2023
Stats
fail2ban/fail2ban is an open source project licensed under GNU General Public License v3.0 or later which is an OSI approved license.