I had been running my Ubuntu with SSH at port 22 exposed to the internet for the past few years not knowing that there are actually so many random attackers.
Luckily it was protected by a strong password but still I should have taken the proactive approach to install fail2ban earlier. To install
sudo apt update
sudo apt install fail2ban -yOnce completed, make a copy of the configuration file
cd /etc/fail2ban
sudo cp jail.conf jail.localNext configure the basic settings
sudo vim jail.local
Although it says setting are in seconds, but 24h and 60m works too in my Ubuntu 18.04 . For a permanent ban time set it to minus 1
Save the “jail.local” settings file and restart fail2ban service
sudo systemctl restart fail2ban.serviceTo see how many IPs had been blocked
sudo iptables -L
To unban an IP address 1.2.3.4 manually
sudo fail2ban-client set sshd unbanip 1.2.3.4To ban an IP address 1.2.3.4 manually
sudo fail2ban-client set sshd banip 1.2.3.4
