Secure your Raspberry Pi with this very easy tool: Fail2Ban.
If you, like me, like to use the Raspberry Pi for things such as WordPress and let other people access it from the World Wide Web, it's a good idea to make the Raspberry Pi more secure.
Step 1: Update your System
sudo apt-get update
sudo apt-get upgrade
sudo rpi-update
Step 2: Install Fail2Ban
sudo apt-get install fail2ban
Step 3: Configure Fail2Ban
sudo nano /etc/fail2ban/jail.conf
You can set up Fail2Ban with any service that writes a log file, such as Apache or FTP. The default setting in /etc/fail2ban/jail.conf is a maximum of 3 retries, after which you get banned for 600 seconds.
Step 4: Change Fail2Ban Settings
sudo nano /etc/fail2ban/jail.local
Let's say, for example, that you want to permanently ban an IP address on all ports after 5 unsuccessful attempts. You can then enter the following in the /etc/fail2ban/jail.local file. Save and exit.
[ssh]
banaction = iptables-allports
bantime = -1
maxretry = 5
Step 5: Restart the Fail2Ban Service
sudo service fail2ban restart
Step 6: Inspect Banned IP Addresses
If your Raspberry Pi server gets some traffic, after a couple of days you can enter the following command in the SSH terminal to see the banned IPs in your iptables:
sudo iptables -L -n --line
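With bantime = -1 the ban list only grows, so it helps to reduce the iptables listing to just the banned addresses. The following is an added example, not part of the original post: a shell filter for the output of the command above. The sample listing and its addresses are constructed, and the function names are hypothetical. It assumes Fail2Ban's chains are named fail2ban-<jail> (older releases) or f2b-<jail> (newer releases).

```shell
#!/bin/sh
# Added example: list the addresses Fail2Ban has banned, one "chain address" per line.
# Reads the output of `iptables -L -n --line-numbers` on stdin.

banned_ips() {
    awk '
        # Remember which chain the following rule lines belong to.
        $1 == "Chain" { chain = $2; next }
        # Columns with line numbers: num target prot opt source destination.
        # A ban is a REJECT or DROP rule for one source address inside a
        # Fail2Ban chain; the closing RETURN rule and column headers are skipped.
        chain ~ /^(fail2ban|f2b)-/ && ($2 == "REJECT" || $2 == "DROP") && $5 != "0.0.0.0/0" {
            print chain, $5
        }
    '
}

# Constructed sample of what the listing looks like after two bans in the [ssh] jail.
# The addresses come from documentation ranges and are not real offenders.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target        prot opt source               destination
1    fail2ban-ssh  all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-ssh (1 references)
num  target     prot opt source               destination
1    REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
2    REJECT     all  --  198.51.100.23        0.0.0.0/0            reject-with icmp-port-unreachable
3    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Demonstration on the constructed sample. On the Pi itself, use:
#   sudo iptables -L -n --line-numbers | banned_ips
sample_listing | banned_ips
```

If your own address shows up in this list after a few mistyped passwords, the permanent ban applies to you as well, so keep another way into the Pi (keyboard and screen, or a second network) before setting bantime = -1.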