Vesta Control Panel - Forum

Posted: **Wed Nov 20, 2024 5:01 pm**

Hi guys.

I got old vesion fail2ban on my old server:

root@vps:~# apt-cache showpkg fail2ban
Package: fail2ban
Versions:
0.10.2-2

also:

Code: Select all

root@vps:~# fail2ban-server --version
Fail2Ban v0.10.2

Regarding website: https://github.com/fail2ban/fail2ban/releases there is vesion 1.1.0 available.
So my question is: is it possible to somehow update it ?

Why i am looking for update? Because from version:

If you use v.0.11, you can use bantime increment feature

Code: Select all

[sshd]
# initial ban time:
bantime = 1h
# incremental banning:
bantime.increment = true
# default factor (causes increment - 1h -> 1d 2d 4d 8d 16d 32d ...):
bantime.factor = 24
# max banning time = 5 week:
bantime.maxtime = 5w

From my server i can see lot of RUSSIAN IP is connection and flood my server for bad logins and so on. So i am looking for solution how to effective BAN all of that.

root@vps:~# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 10868
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 644

PS: One more question: Is it somehow possible block RUSSIA and CHINA users to connect on any service on my server? Something like geolocation firewall block?

Thanks for all your answers, i really appreciate it.

Posted: **Wed Jun 11, 2025 4:00 pm**

Hi!

It's great that you're looking to update Fail2Ban and improve the security of your server. Here's a detailed solution to address your concerns:

1. Updating Fail2Ban to a Newer Version
You're currently using Fail2Ban v0.10.2, which is quite outdated, and you're correct that newer versions (like v1.1.0) offer helpful features, such as the bantime.increment feature. Fortunately, you can update Fail2Ban to the latest version, either by using your package manager or compiling it from source.

A. Upgrade via Package Manager (APT)
First, check if the newer version is available in your current repository:

Code: Select all

sudo apt update
sudo apt-cache policy fail2ban

If a newer version isn't available, you might want to try enabling backports or third-party repositories. However, if the version is still old, you can manually install it by following these steps:

B. Install Fail2Ban from Source
Remove the older version:

Code: Select all

sudo apt remove fail2ban

Install dependencies:

Code: Select all

sudo apt install python3-dev python3-pip libssl-dev libffi-dev build-essential

Clone the Fail2Ban repository and install the latest version:

Code: Select all

git clone https://github.com/fail2ban/fail2ban.git
cd fail2ban
git checkout v1.1.0  # Checkout version 1.1.0
sudo python3 setup.py install

Check the installed version:

Code: Select all

fail2ban-server --version

This will give you the latest version (1.1.0), and you can start using the bantime.increment feature.
Fail2Ban Update: Make sure to update Fail2Ban either via APT (if a newer version is available) or by compiling from source.

GeoIP Blocking: Using iptables with GeoIP allows you to block specific countries like Russia and China, adding an extra layer of protection to your server.

Let me know if you need more details or help with setting it up! You're on the right track to securing your server.

Vesta Control Panel - Forum

fail2ban old version

fail2ban old version

Re: fail2ban old version