Recommended fail2ban configuration?

I see the instructions at discourse/docs/INSTALL-cloud.md at main · discourse/discourse · GitHub say:

# Install fail2ban for brute-force protection
apt install fail2ban

I hadn’t noticed that before. Is this one command sufficient or is any configuration required? Thanks.

Wow… I really had to search to find fail2ban in that document, but it is there, so it is recommended, I guess.

Anyhow

Usually the default configuration that installs with fail2ban is pretty good right out of the box. It will block most dictionary-type attacks and brute-force attacks as installed. If you have a specific need and know what you are doing, you can add to the config.

However, anything other than specific Discourse-related support would be out of scope for this forum.

I’ve sometimes wanted to figure out how to get it to automatically block any site that hits obvious WordPress attack vectors, but haven’t ever tried hard enough to do that.

You should also check CrowdSec, it’s an open-source app that shares a community list of bad IPs.

There is also AbuseIPDB.

These services were useful before every doorbell and fridge could be used for attacks.

Installing fail2ban on a Debian/Ubuntu server will by default scan for failed SSH login attempts and ban those IPs for a while. This is sufficient to slow down SSH brute-force attacks for a while, but it only does this based on certain SSH failure patterns.

You can also set up an iptables rule to limit the number of connections to the SSH port per time period. This will also affect legitimate users, so be aware of that. If you are on Debian/Ubuntu and have not applied any other firewall configuration, Arno IPTables Firewall is a good script which applies a whole bunch of excellent rules: apt install arno-iptables-firewall. But be careful, a misconfiguration will lock you out, so use the host’s “emergency console”. It includes an optional SSH brute-force rule.
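As an added example (not code from this thread, from Discourse, or from fail2ban itself), the following shows how the pieces the last post describes fit together, and also sketches the WordPress-probe jail an earlier post wished for: a jail.local with bantime/findtime/maxretry, one filter regex per jail, and a per-IP sliding window of matched failures that turns into a ban once maxretry matches fall inside findtime. The jail.local text, both regexes (the sshd one deliberately covers only the "Failed password" line; fail2ban's shipped sshd filter matches more shapes), the hypothetical wordpress-probe jail and every log line are constructed for this example, and timestamps travel beside the lines instead of being parsed out of them. ignoreip, which real fail2ban also honours, is left out for brevity.

```python
import configparser
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed jail.local (real fail2ban also accepts "1h"/"10m" durations).
JAIL_LOCAL = """\
[DEFAULT]
bantime  = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true

[wordpress-probe]
enabled = true
maxretry = 2
"""

# Assumed filters. The sshd one knows only the "Failed password" line (the
# shipped filter knows more); any line a filter does not match is invisible.
FILTERS = {
    "sshd": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
                       r"from (?P<host>\S+) port \d+"),
    "wordpress-probe": re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) '
                                  r"/(?:wp-login\.php|xmlrpc\.php)[ ?]"),
}


class Jail:
    def __init__(self, name, regex, bantime, findtime, maxretry):
        self.name, self.regex, self.maxretry = name, regex, maxretry
        self.bantime, self.findtime = timedelta(seconds=bantime), timedelta(seconds=findtime)
        self.hits = defaultdict(deque)  # ip -> timestamps of matches inside findtime
        self.banned = {}                # ip -> ban expiry

    def feed(self, when, line):
        """Return the IP if this line triggers a ban, else None."""
        m = self.regex.search(line)
        if m is None:
            return None                 # not a failure shape this filter knows
        ip = m.group("host")
        if ip in self.banned and when < self.banned[ip]:
            return None                 # already banned, do not count again
        window = self.hits[ip]
        window.append(when)
        while when - window[0] > self.findtime:
            window.popleft()            # forget failures older than findtime
        if len(window) >= self.maxretry:
            self.banned[ip] = when + self.bantime
            window.clear()
            return ip
        return None


def load_jails(text):
    """Build the enabled jails from jail.local text; [DEFAULT] supplies fallbacks."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    return [Jail(n, FILTERS[n], cfg.getint(n, "bantime"), cfg.getint(n, "findtime"),
                 cfg.getint(n, "maxretry"))
            for n in cfg.sections() if cfg.getboolean(n, "enabled", fallback=False)]


def run(jails, events):
    """Feed (timestamp, line) events to every jail; return {jail: [banned ips]}."""
    bans = {j.name: [] for j in jails}
    for when, line in events:
        for jail in jails:
            ip = jail.feed(when, line)
            if ip:
                bans[jail.name].append(ip)
    return bans


# Constructed events; each line carries its timestamp so the example does not
# have to parse syslog or access-log dates.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SSH = "sshd[{pid}]: Failed password for {user} from {ip} port {port} ssh2"
WEB = '{ip} - - [01/Jan/2024:12:00:00 +0000] "{req} HTTP/1.1" 200 512'
SAMPLE_EVENTS = (
    # six failures in two minutes: banned on the fifth, the sixth is not counted
    [(T0 + timedelta(seconds=20 * i),
      SSH.format(pid=1001, user="invalid user admin", ip="203.0.113.7", port=50 + i))
     for i in range(6)]
    # five failures four minutes apart: never five inside findtime, so no ban
    + [(T0 + timedelta(minutes=4 * i),
        SSH.format(pid=1002, user="root", ip="198.51.100.9", port=60 + i))
       for i in range(5)]
    # a preauth disconnect is a failure this filter cannot see, however often it repeats
    + [(T0, "sshd[1004]: Connection closed by authenticating user root "
            "192.0.2.5 port 4242 [preauth]")] * 6
    # two WordPress probes against maxretry = 2: banned; index.php is not a probe
    + [(T0, WEB.format(ip="203.0.113.77", req="GET /wp-login.php")),
       (T0 + timedelta(seconds=5), WEB.format(ip="203.0.113.77", req="POST /xmlrpc.php")),
       (T0, WEB.format(ip="198.51.100.2", req="GET /index.php"))]
)

if __name__ == "__main__":
    print(run(load_jails(JAIL_LOCAL), SAMPLE_EVENTS))
```

Running it bans only 203.0.113.7 in the sshd jail and 203.0.113.77 in the wordpress-probe jail: 198.51.100.9 never accumulates maxretry failures inside findtime, and the repeated preauth disconnects from 192.0.2.5 never match the filter at all, which is the "only certain SSH failure patterns" point from the post. On a real host the equivalent check after dropping a jail.local into /etc/fail2ban/ and restarting the service is fail2ban-client status sshd, which lists the currently banned addresses.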