{"id":12711,"date":"2026-01-08T10:24:30","date_gmt":"2026-01-08T04:54:30","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=12711"},"modified":"2026-01-08T10:24:32","modified_gmt":"2026-01-08T04:54:32","slug":"what-is-fail2ban-on-linux-server","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/what-is-fail2ban-on-linux-server","title":{"rendered":"What is Fail2ban on Linux Server? Stop SSH Brute Force Attacks"},"content":{"rendered":"\n<p><strong>Fail2ban on Linux server<\/strong> is an intrusion-prevention tool that monitors logs, detects repeated authentication failures or malicious patterns, and automatically bans offending IPs by updating the firewall (iptables, nftables, UFW, or firewalld). It reduces SSH brute-force, web login abuse, and mail auth attacks with customizable \u201cjails,\u201d filters, and ban policies.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"why-fail2ban-matters-on-a-linux-server\"><strong>Why Fail2ban Matters on a Linux Server<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\"><div class=\"wp-block-media-text__content\">\n<p>When you put a Linux server online, it becomes a target for bots scanning SSH, Nginx\/Apache, MySQL, and mail services. Fail2ban provides an automated defense: it watches log files, identifies abusive IPs using regular expressions, and temporarily blocks them using your system firewall. 
<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"1160\" height=\"780\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/Why-Fail2ban-Matters-on-a-Linux-Server-2.png\" alt=\"Why Fail2ban Matters on a Linux Server\" class=\"wp-image-13063 size-full\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/Why-Fail2ban-Matters-on-a-Linux-Server-2.png 1160w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/Why-Fail2ban-Matters-on-a-Linux-Server-2-150x101.png 150w\" sizes=\"auto, (max-width: 1160px) 100vw, 1160px\" \/><\/figure><\/div>\n\n\n\n<p>It\u2019s lightweight, easy to configure, and a must-have baseline for server security.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"how-fail2ban-works-plain-english-overview\"><strong>How Fail2ban Works (Plain-English Overview)<\/strong><\/h2>\n\n\n\n<p>Fail2ban uses three core building blocks: jails, filters, and actions. A jail defines what to protect (e.g., SSH), the filter defines how to detect bad behavior in logs, and the action defines how to ban the offender (e.g., add an iptables\/nftables rule). Once an IP exceeds maxretry within findtime, it\u2019s banned for bantime.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"key-concepts-and-files\"><strong>Key Concepts and Files<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-jails\">1. <strong>Jails<\/strong><\/h3>\n\n\n\n<p>Jails connect a log source and a filter to a ban action. Each service you protect (sshd, nginx, postfix, dovecot, vsftpd) typically has a dedicated jail. Jails can have unique thresholds, ban durations, and whitelists.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-filters\">2. <strong>Filters<\/strong><\/h3>\n\n\n\n<p>Filters are regular expressions that match malicious log lines. 
They live in <code>\/etc\/fail2ban\/filter.d\/<\/code>. Many filters ship by default (e.g., <code>sshd.conf<\/code>, <code>nginx-http-auth.conf<\/code>) and you can create your own for custom apps.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"3-actions\">3. <strong>Actions<\/strong><\/h3>\n\n\n\n<p>Actions define how to ban\/unban an IP. Common actions include iptables, nftables, firewalld, and UFW. They live in <code>\/etc\/fail2ban\/action.d\/<\/code>. Some actions also send email or trigger scripts for notifications.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"4-backends\">4. <strong>Backends<\/strong><\/h3>\n\n\n\n<p>Fail2ban can read from plain log files or from the systemd journal. On modern distros, using <code>backend = systemd<\/code> is fast and reliable because it reads directly from the journal.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-fail2ban-ubuntu-debian-rhel-centos-rocky-alma\"><strong>Install Fail2ban (Ubuntu\/Debian, RHEL\/CentOS\/Rocky\/Alma)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ubuntu-debian\"><strong>Ubuntu\/Debian<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt install fail2ban -y\nsudo systemctl enable --now fail2ban\nsudo systemctl status fail2ban<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"rhel-centos-rocky-alma\"><strong>RHEL\/CentOS\/Rocky\/Alma<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo dnf install epel-release -y\nsudo dnf install fail2ban -y\nsudo systemctl enable --now fail2ban\nsudo systemctl status fail2ban<\/code><\/pre>\n\n\n\n<p>By default, Fail2ban ships with a safe baseline for SSH on many systems, but it\u2019s best practice to create your own <code>jail.local<\/code> to override 
defaults.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-start-configuration-recommended-ssh-protection\"><strong>Quick-Start Configuration (Recommended SSH Protection)<\/strong><\/h2>\n\n\n\n<p>Create or edit <code>\/etc\/fail2ban\/jail.local<\/code> and add a secure baseline. This protects SSH, enables the systemd backend, and sets aggressive but reasonable retry thresholds:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\n# Use systemd journal where available\nbackend = systemd\n# Whitelist your office\/home IPs and private ranges if appropriate\nignoreip = 127.0.0.1\/8 ::1\n# 10-minute search window, 5 failures =&gt; ban\nfindtime = 10m\nmaxretry = 5\n# Start with a 1 hour ban; escalate using bantime.increment below\nbantime = 1h\n# Use incremental bans on repeat offenders\nbantime.increment = true\nbantime.factor = 2\n# Formula variables: ban.Time (base bantime), ban.Count (previous bans), banFactor\nbantime.formula = ban.Time * (1 + ban.Count)\n# Choose your firewall action (adjust to your stack)\nbanaction = iptables-multiport\n# Alternatives: nftables, ufw, firewallcmd-rich-rules\n\n&#91;sshd]\nenabled = true\nport = ssh\nlogpath = %(sshd_log)s\nfilter = sshd\nmaxretry = 5\nfindtime = 10m\nbantime = 1h<\/code><\/pre>\n\n\n\n<p>Reload Fail2ban to apply changes:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl reload fail2ban\n# or\nsudo fail2ban-client reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"protecting-web-servers-nginx-apache-and-wordpress\"><strong>Protecting Web Servers (Nginx\/Apache) and WordPress<\/strong><\/h2>\n\n\n\n<p>Hardening SSH is the first step. Next, cover HTTP authentication, WordPress login, and common scanner patterns. 
The following examples use built-in filters and a custom filter for noisy scanners:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-nginx-http-auth-and-bad-bots\"><strong>Enable Nginx HTTP Auth and Bad Bots<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;nginx-http-auth]\nenabled = true\nport = http,https\nfilter = nginx-http-auth\nlogpath = \/var\/log\/nginx\/error.log\nmaxretry = 3\nfindtime = 10m\nbantime = 2h\n\n# Optional: block repeated 404 scans (custom filter below)\n&#91;nginx-404-scan]\nenabled = true\nport = http,https\nfilter = nginx-404-scan\nlogpath = \/var\/log\/nginx\/access.log\nmaxretry = 20\nfindtime = 10m\nbantime = 2h<\/code><\/pre>\n\n\n\n<p>Create <code>\/etc\/fail2ban\/filter.d\/nginx-404-scan.conf<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;Definition]\nfailregex = &lt;HOST&gt; - - \\&#91;.*\\] \"GET .*\" 404\nignoreregex =\n# Adjust if your log format differs<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"apache-http-auth\"><strong>Apache HTTP Auth<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;apache-auth]\nenabled = true\nport = http,https\nfilter = apache-auth\nlogpath = \/var\/log\/apache2\/error.log\nmaxretry = 3\nbantime = 2h<\/code><\/pre>\n\n\n\n<p>For WordPress, combine Fail2ban with strong passwords, 2FA, and a WAF. 
You can also parse <code>wp-login.php<\/code> failures via the web server logs or a plugin that writes to syslog.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"mail-ftp-and-other-common-jails\"><strong>Mail, FTP, and Other Common Jails<\/strong><\/h2>\n\n\n\n<p>If your server runs mail or FTP, enable these jails and point them to correct logs:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Postfix auth abuse: <\/strong><code>[postfix]<\/code> with <code>\/var\/log\/maillog<\/code> or journal<\/li>\n\n\n\n<li><strong>Dovecot IMAP\/POP brute-force:<\/strong> <code>[dovecot]<\/code><\/li>\n\n\n\n<li><strong>vsftpd or pure-ftpd: <\/strong><code>[vsftpd]<\/code>, <code>[pure-ftpd]<\/code><\/li>\n\n\n\n<li><strong>Recidive (repeat abusers across jails):<\/strong> <code>[recidive]<\/code> jail<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;recidive]\nenabled = true\nlogpath = \/var\/log\/fail2ban.log\nfindtime = 1d\nmaxretry = 5\nbantime = 7d<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"using-different-firewalls-iptables-nftables-ufw-firewalld\"><strong>Using Different Firewalls: iptables, nftables, UFW, firewalld<\/strong><\/h2>\n\n\n\n<p>Match the banaction to your firewall stack:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>iptables: <code>banaction<\/code><\/strong><code> = iptables-multiport<\/code><\/li>\n\n\n\n<li><strong>nftables: <code>banaction<\/code><\/strong><code> = nftables<\/code><\/li>\n\n\n\n<li><strong>UFW (Ubuntu): <code>banaction<\/code><\/strong><code> = ufw<\/code><\/li>\n\n\n\n<li>firewalld (RHEL): <code>banaction = firewallcmd-rich-rules<\/code><\/li>\n<\/ul>\n\n\n\n<p>Only use one firewall frontend at a time to avoid conflicts (e.g., don\u2019t run UFW and firewalld together). 
After changing <code>banaction<\/code>, reload Fail2ban.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"monitoring-testing-and-unbanning\"><strong>Monitoring, Testing, and Unbanning<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"check-status\"><strong>Check Status<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo fail2ban-client status\nsudo fail2ban-client status sshd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"test-filters-with-real-logs\"><strong>Test Filters with Real Logs<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Test a filter against a log file\nsudo fail2ban-regex \/var\/log\/auth.log \/etc\/fail2ban\/filter.d\/sshd.conf\n\n# On RHEL-like systems\nsudo fail2ban-regex \/var\/log\/secure \/etc\/fail2ban\/filter.d\/sshd.conf<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"unban-or-ban-manually\"><strong>Unban or Ban Manually<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Unban an IP from a specific jail\nsudo fail2ban-client set sshd unbanip 203.0.113.10\n\n# Temporarily ban an IP\nsudo fail2ban-client set sshd banip 203.0.113.10<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"best-practice-settings-from-real-world-hosting\"><strong>Best-Practice Settings (From Real-World Hosting)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use systemd backend on modern distros for reliability and speed.<\/li>\n\n\n\n<li>Enable incremental bans to slow repeat offenders without permanently blocking legitimate users who mistype passwords.<\/li>\n\n\n\n<li>Set <code>findtime<\/code> to 10\u201315 minutes and <code>maxretry<\/code> to 4\u20136 for SSH; start with <code>bantime<\/code> 1 hour and let recidive handle repeat attackers.<\/li>\n\n\n\n<li>Whitelist fixed office VPN IPs with <code>ignoreip<\/code> to avoid accidental 
lockouts.<\/li>\n\n\n\n<li><strong>Harden SSH beyond Fail2ban: <\/strong>change the SSH port if appropriate, disable password auth in favor of keys, and enable 2FA for privileged accounts.<\/li>\n\n\n\n<li>For Nginx\/Apache, log in combined format and ensure error\/access logs are rotated properly so Fail2ban has a continuous view.<\/li>\n\n\n\n<li>Keep filters up to date; custom apps often need custom filters.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"limitations-and-how-to-build-a-stronger-security-stack\"><strong>Limitations and How to Build a Stronger Security Stack<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fail2ban is not a DDoS solution. Use a CDN\/WAF, rate-limiting at the web server, and network-level mitigation for volumetric attacks.<\/li>\n\n\n\n<li>It reacts after bad behavior is logged. For high-risk systems, add proactive controls: allowlists, VPN gateways, and MFA.<\/li>\n\n\n\n<li>False positives can occur with overly broad filters. Always test with <code>fail2ban-regex<\/code> and monitor the jail logs.<\/li>\n\n\n\n<li>On containerized environments, ensure host-level logs are accessible or run Fail2ban on the host where firewalls are managed.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-tips\"><strong>Troubleshooting Tips<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If bans don\u2019t appear, verify the correct banaction for your firewall and confirm the firewall service is running.<\/li>\n\n\n\n<li>If no matches occur, check that the log path is correct and the filter\u2019s regex matches your log format.<\/li>\n\n\n\n<li>If Fail2ban restarts clear bans, that\u2019s expected; Fail2ban re-applies new bans as it detects events. 
Recidive helps with persistent attackers.<\/li>\n\n\n\n<li>Use <code>journalctl -u fail2ban<\/code> and <code>\/var\/log\/fail2ban.log<\/code> to diagnose issues.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"where-managed-security-helps\"><strong>Where Managed Security Helps<\/strong><\/h2>\n\n\n\n<p>If you\u2019d rather not hand-tune filters and firewall policies, a <a href=\"https:\/\/www.youstable.com\/blog\/benefits-of-web-hosting-control-panel-for-managed-hosting\/\">managed hosting<\/a> provider can help. At YouStable, our engineers deploy Fail2ban with hardened defaults, integrate it with your chosen firewall (UFW, nftables, firewalld), and monitor jails proactively alongside WAF\/CDN security\u2014so you get layered protection without the guesswork.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"complete-example-secure-ssh-nginx-and-recidive\"><strong>Complete Example: Secure SSH, Nginx, and Recidive<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\nbackend = systemd\nignoreip = 127.0.0.1\/8 ::1\nfindtime = 10m\nmaxretry = 5\nbantime = 1h\nbantime.increment = true\nbantime.factor = 2\n# Use iptables-multiport, ufw, or firewallcmd-rich-rules if preferred\nbanaction = nftables\n\n&#91;sshd]\nenabled = true\nport = 22\nfilter = sshd\nlogpath = %(sshd_log)s\n\n&#91;nginx-http-auth]\nenabled = true\nport = http,https\nlogpath = \/var\/log\/nginx\/error.log\n\n&#91;nginx-404-scan]\nenabled = true\nport = http,https\nfilter = nginx-404-scan\nlogpath = \/var\/log\/nginx\/access.log\nmaxretry = 20\nbantime = 2h\n\n&#91;recidive]\nenabled = true\nlogpath = \/var\/log\/fail2ban.log\nfindtime = 1d\nmaxretry = 5\nbantime = 7d<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQs<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765619433697\" 
class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"1-is-fail2ban-necessary-on-a-linux-server\">1. <strong>Is Fail2ban necessary on a Linux server?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. Any Internet-facing server attracts brute-force and credential-stuffing attempts. Fail2ban provides automated, low-overhead blocking for SSH, web, and mail services, reducing attack surface and log noise. It\u2019s a best-practice baseline even if you also use a WAF or CDN.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765619449485\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"2-does-fail2ban-stop-ddos-attacks\">2. <strong>Does Fail2ban stop DDoS attacks?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>No. Fail2ban is not designed for volumetric DDoS mitigation. It\u2019s effective against repeated auth failures and application-layer abuse patterns. Use network-layer protection, a CDN\/WAF, and web server rate-limiting to complement Fail2ban.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765619467453\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"3-how-do-i-whitelist-or-ignore-trusted-ips\">3. <strong>How do I whitelist or ignore trusted IPs?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Add trusted addresses to <code>ignoreip<\/code> in <code>\/etc\/fail2ban\/jail.local<\/code>, such as your VPN or office IP. Example: <code>ignoreip = 127.0.0.1\/8 ::1 203.0.113.5<\/code>. Reload Fail2ban afterward to apply changes.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765619488405\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"4-which-firewall-should-i-use-with-fail2ban-iptables-nftables-ufw-or-firewalld\">4. 
<strong>Which firewall should I use with Fail2ban: iptables, nftables, UFW, or firewalld?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use the native tool for your distro and preference: nftables on modern Linux, iptables for legacy systems, UFW on Ubuntu for simplicity, and firewalld on RHEL-based distros. Set <code>banaction<\/code> accordingly and avoid running multiple firewall frontends simultaneously.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765619503614\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"5-what-are-good-ssh-bantime-findtime-and-maxretry-values\">5. <strong>What are good SSH bantime, findtime, and maxretry values?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>A solid starting point: <code>maxretry = 5<\/code>, <code>findtime = 10m<\/code>, <code>bantime = 1h<\/code>, with <code>bantime.increment = true<\/code> and the <code>recidive<\/code> jail enabled. This balances lockout risk with strong deterrence for bots and repeat offenders.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Fail2ban on Linux server is an intrusion-prevention tool that monitors logs, detects repeated authentication failures or malicious patterns, and automatically 
[&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":17266,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"iawp_total_views":3,"footnotes":""},"categories":[350,1195],"tags":[],"class_list":["post-12711","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase","category-blogging"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-is-Fail2ban-on-Linux-Server-Stop-SSH-Brute-Force-Attacks.jpg","author_info":{"display_name":"Sanjeet 
Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=12711"}],"version-history":[{"count":11,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12711\/revisions"}],"predecessor-version":[{"id":17268,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12711\/revisions\/17268"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/17266"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=12711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=12711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=12711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}