Install fail2ban for SSH on ServerPilot / Vultr Instance
ServerPilot does not ship with a solution for brute-force attacks. It does have a sister product, Heatshield, which rejects IP addresses that constantly try to connect to your site; you can do the same with the open-source fail2ban.
fail2ban bans access to your server from IP addresses that repeatedly try to log in to services such as SSH on port 22. It is good practice to change the SSH port number as well as to deny IPs that keep attempting to get in. fail2ban trawls the logs for failure patterns and extends the ban for repeat offenders.
This guide adds fail2ban for SSH on a ServerPilot/Vultr instance running Ubuntu 16.04; it is best done with your own UFW firewall rather than the default ServerPilot one.
Install fail2ban
sudo apt-get install fail2ban
This installs and starts the service, which monitors SSH by default. The configuration lives in
/etc/fail2ban/
You can stop it whilst you configure things:
service fail2ban stop
Initially it is useful to tail the log file in another shell tab to see what is happening whilst you are learning it:
tail -f /var/log/fail2ban.log
Copy the jail.conf file to a local one named jail.local. Settings in the .local file override those in the .conf, so make your changes in jail.local.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Configure Settings
The jail.local file contains a lot of commented-out settings; find the uncommented ones and change a few. A good starting point is to change ignoreip, bantime, findtime, maxretry, banaction and the destination email address so that alerts go to a preferred mailbox.
ignoreip – add your office/home permanent IP addresses (space separated) so they are never banned.
banaction – since you are using ufw as the firewall, set banaction to ufw instead of iptables-multiport; fail2ban's new rules will then appear in the ufw rule set.
banaction = ufw
destemail – the email address that receives alerts
# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = root@localhost
bantime, findtime, maxretry – the first two values are in seconds. If an IP exceeds maxretry failed logins within the findtime window, it is banned for the length of bantime. So if you wanted an IP that had made 5 failed attempts within an hour to be banned for 24 hours, the following would do it.
# "bantime" is the number of seconds that a host is banned.
bantime = 86400
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 3600
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
After making the changes, start fail2ban:
service fail2ban start
Check the fail2ban log and the ufw status to confirm it is working.
root@wp-beaches-la-2:~# ufw status verbose
Status: active
Logging: off
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   REJECT IN   124.153.101.226
Anywhere                   REJECT IN   121.18.238.106
Anywhere                   REJECT IN   61.177.172.24
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
68/udp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
If you change the SSH port number, make sure the new port is allowed in the ufw firewall first.
ufw allow 2222/tcp
Then, back in the jail.local file, change
[sshd]
port = ssh
to
[sshd]
port = 2222
Restart fail2ban
Once you have looked through jail.local and are familiar with it, it is better practice to keep the file tidy and containing only the overrides you need, segregated by [] section headers. The variables set in [DEFAULT] and [sshd] override their equivalents in jail.conf, so your new clean and tidy jail.local may resemble this:
[DEFAULT]
bantime = 86400
findtime = 43200
maxretry = 4
banaction = ufw
ignoreip = 127.0.0.1/8 1.2.3.4
mta = mail

[sshd]
enabled = true
port = ssh
Running Processes or jails
You can see which fail2ban jails are running with
fail2ban-client status
With the sshd jail enabled you will see
Status
|- Number of jail:      1
`- Jail list:   sshd
Uninstall fail2ban
sudo apt-get remove fail2ban
Find out more on the fail2ban website and GitHub repo.