{"id":10929,"date":"2026-04-11T12:46:03","date_gmt":"2026-04-11T12:46:03","guid":{"rendered":"https:\/\/bitep.net\/blog\/2026\/04\/11\/ubuntu-24-04-fail2ban-ssh-bruteforce-protection\/"},"modified":"2026-04-11T12:46:03","modified_gmt":"2026-04-11T12:46:03","slug":"ubuntu-24-04-fail2ban-ssh-bruteforce-protection","status":"publish","type":"post","link":"https:\/\/bitep.net\/blog\/2026\/04\/11\/ubuntu-24-04-fail2ban-ssh-bruteforce-protection\/","title":{"rendered":"Ubuntu 24.04 serverd\u0259 Fail2ban il\u0259 SSH brute-force h\u00fccumlar\u0131ndan qorunma"},"content":{"rendered":"<p>Ubuntu 24.04 server internet\u0259 a\u00e7\u0131qd\u0131rsa, bir m\u00fcdd\u0259t sonra SSH loglar\u0131nda eyni m\u0259nz\u0259r\u0259ni g\u00f6r\u0259c\u0259ksiniz: botlar v\u0259 avtomatik skriptl\u0259r davaml\u0131 olaraq giri\u015f c\u0259hdl\u0259ri edir. SSH key istifad\u0259 ets\u0259niz bel\u0259, bu c\u0259hdl\u0259r log-lar\u0131 doldurur v\u0259 \u0259lav\u0259 risk yarad\u0131r. Bu n\u00f6qt\u0259d\u0259 \u0259n praktik m\u00fcdafi\u0259l\u0259rd\u0259n biri <strong>Fail2ban<\/strong> qura\u015fd\u0131rmaqd\u0131r.<\/p>\n<p>Fail2ban log fayllar\u0131n\u0131 izl\u0259yir, \u00e7ox sayda u\u011fursuz giri\u015f c\u0259hdi g\u00f6r\u0259nd\u0259 h\u0259min IP \u00fcnvan\u0131n\u0131 m\u00fcv\u0259qq\u0259ti bloklay\u0131r. Bu m\u0259qal\u0259d\u0259 Ubuntu 24.04 serverd\u0259 Fail2ban-\u0131n nec\u0259 qura\u015fd\u0131r\u0131ld\u0131\u011f\u0131n\u0131, SSH \u00fc\u00e7\u00fcn nec\u0259 aktiv edildiyini, \u0259sas parametrl\u0259rin nec\u0259 t\u0259nziml\u0259ndiyini v\u0259 i\u015fl\u0259diyinin nec\u0259 yoxland\u0131\u011f\u0131n\u0131 add\u0131m-add\u0131m g\u00f6st\u0259r\u0259c\u0259y\u0259m.<\/p>\n<h2>Fail2ban n\u0259 edir?<\/h2>\n<p>Fail2ban u\u011fursuz autentifikasiya c\u0259hd\u0259l\u0259rini log-lardan oxuyur v\u0259 m\u00fc\u0259yy\u0259n limit a\u015f\u0131larsa firewall qaydas\u0131 \u0259lav\u0259 edib h\u0259min IP-ni bloklay\u0131r. Y\u0259ni o, birba\u015fa parolu g\u00fccl\u0259ndirmir, amma brute-force c\u0259hdl\u0259rinin s\u00fcr\u0259tini v\u0259 effektini k\u0259skin azald\u0131r.<\/p>\n<ul>\n<li>SSH brute-force c\u0259hd\u0259l\u0259rini z\u0259ifl\u0259dir<\/li>\n<li>m\u00fc\u0259yy\u0259n m\u00fcdd\u0259tlik IP ban t\u0259tbiq edir<\/li>\n<li>log \u0259sasl\u0131 i\u015fl\u0259yir<\/li>\n<li>ist\u0259s\u0259niz ba\u015fqa servisl\u0259r \u00fc\u00e7\u00fcn d\u0259 aktiv etm\u0259k m\u00fcmk\u00fcnd\u00fcr<\/li>\n<\/ul>\n<p><strong>Vacib qeyd:<\/strong> Fail2ban t\u0259kba\u015f\u0131na tam t\u0259hl\u00fck\u0259sizlik h\u0259lli deyil. SSH key, g\u00fccl\u00fc konfiqurasiya v\u0259 firewall il\u0259 birlikd\u0259 istifad\u0259 olunanda m\u0259nal\u0131 n\u0259tic\u0259 verir.<\/p>\n<h2>Bu tutorial kim \u00fc\u00e7\u00fcnd\u00fcr?<\/h2>\n<ul>\n<li>Ubuntu 24.04 VPS v\u0259 ya dedicated server istifad\u0259\u00e7il\u0259ri<\/li>\n<li>SSH giri\u015fini s\u0259rtl\u0259\u015fdirm\u0259k ist\u0259y\u0259n adminl\u0259r<\/li>\n<li>internet\u0259 a\u00e7\u0131q serverl\u0259rd\u0259 brute-force riskini azaltmaq ist\u0259y\u0259nl\u0259r<\/li>\n<\/ul>\n<h2>Ba\u015flamazdan \u0259vv\u0259l n\u0259 haz\u0131r olmal\u0131d\u0131r?<\/h2>\n<ul>\n<li>Ubuntu 24.04 server<\/li>\n<li>sudo s\u0259lahiyy\u0259tli istifad\u0259\u00e7i<\/li>\n<li>SSH il\u0259 server\u0259 giri\u015f<\/li>\n<li>m\u00fcmk\u00fcns\u0259 art\u0131q SSH key \u0259sasl\u0131 giri\u015f<\/li>\n<\/ul>\n<h2>Add\u0131m 1: Fail2ban qura\u015fd\u0131r\u0131n<\/h2>\n<pre><code>sudo apt update\nsudo apt install fail2ban -y<\/code><\/pre>\n<p>Qura\u015fd\u0131rmadan sonra xidm\u0259tin v\u0259ziyy\u0259tini yoxlaya bil\u0259rsiniz:<\/p>\n<pre><code>systemctl status fail2ban.service<\/code><\/pre>\n<p>B\u0259zi hallarda servis qura\u015fd\u0131r\u0131ld\u0131qdan sonra avtomatik aktiv olmaya bil\u0259r. Bu normald\u0131r, \u0259vv\u0259l konfiqurasiyan\u0131 t\u0259nziml\u0259m\u0259k daha yax\u015f\u0131d\u0131r.<\/p>\n<h2>Add\u0131m 2: Default config-i birba\u015fa d\u0259yi\u015fm\u0259yin<\/h2>\n<p>Fail2ban-da \u0259sas default fayl <code>\/etc\/fail2ban\/jail.conf<\/code> olur. Amma praktik yana\u015fma onu birba\u015fa edit etm\u0259k deyil. \u00c7\u00fcnki paket update-l\u0259rind\u0259 d\u0259yi\u015f\u0259 bil\u0259r. Bunun \u0259v\u0259zin\u0259 local override yarad\u0131n:<\/p>\n<pre><code>sudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local<\/code><\/pre>\n<p>Sonra local config-i a\u00e7\u0131n:<\/p>\n<pre><code>sudo nano \/etc\/fail2ban\/jail.local<\/code><\/pre>\n<h2>Add\u0131m 3: \u018fsas parametrl\u0259ri t\u0259nziml\u0259yin<\/h2>\n<p><code>[DEFAULT]<\/code> b\u00f6lm\u0259sind\u0259 \u0259n vacib parametrl\u0259r bunlard\u0131r:<\/p>\n<pre><code>bantime = 10m\nfindtime = 10m\nmaxretry = 5<\/code><\/pre>\n<ul>\n<li><strong>bantime<\/strong> \u2014 IP n\u0259 q\u0259d\u0259r m\u00fcdd\u0259t bloklans\u0131n<\/li>\n<li><strong>findtime<\/strong> \u2014 ne\u00e7\u0259 d\u0259qiq\u0259lik p\u0259nc\u0259r\u0259d\u0259 c\u0259hdl\u0259r say\u0131ls\u0131n<\/li>\n<li><strong>maxretry<\/strong> \u2014 ne\u00e7\u0259 u\u011fursuz c\u0259hdd\u0259n sonra ban t\u0259tbiq olunsun<\/li>\n<\/ul>\n<p>Praktik ba\u015flan\u011f\u0131c \u00fc\u00e7\u00fcn bunlar uy\u011fundur. Daha s\u0259rt qayda ist\u0259yirsinizs\u0259, m\u0259s\u0259l\u0259n:<\/p>\n<pre><code>bantime = 1h\nfindtime = 10m\nmaxretry = 3<\/code><\/pre>\n<p>Amma \u00e7ox s\u0259rt d\u0259y\u0259rl\u0259r qoyanda \u00f6z\u00fcn\u00fcz\u00fc d\u0259 bloklama riskiniz art\u0131r.<\/p>\n<h2>Add\u0131m 4: SSH jail-ini aktiv edin<\/h2>\n<p>SSH \u00fc\u00e7\u00fcn b\u00f6lm\u0259ni tap\u0131n v\u0259 aktiv oldu\u011funu yoxlay\u0131n:<\/p>\n<pre><code>[sshd]\nenabled = true<\/code><\/pre>\n<p>M\u00fcasir Ubuntu sisteml\u0259rind\u0259 bu \u00e7ox vaxt kifay\u0259tdir. \u018fg\u0259r SSH f\u0259rqli portda i\u015fl\u0259yirs\u0259 v\u0259 ya x\u00fcsusi log yolu varsa, onu da ayr\u0131ca g\u00f6st\u0259rm\u0259k laz\u0131m ola bil\u0259r.<\/p>\n<h2>Add\u0131m 5: Servisi enable v\u0259 start edin<\/h2>\n<pre><code>sudo systemctl enable fail2ban\nsudo systemctl start fail2ban<\/code><\/pre>\n<p>Sonra yenid\u0259n status yoxlay\u0131n:<\/p>\n<pre><code>sudo systemctl status fail2ban<\/code><\/pre>\n<p>Burada <code>active (running)<\/code> g\u00f6rm\u0259lisiniz.<\/p>\n<h2>Add\u0131m 6: Fail2ban-\u0131n SSH \u00fc\u00e7\u00fcn i\u015fl\u0259diyini yoxlay\u0131n<\/h2>\n<p>Aktiv jail-l\u0259ri yoxlamaq \u00fc\u00e7\u00fcn:<\/p>\n<pre><code>sudo fail2ban-client status<\/code><\/pre>\n<p>SSH jail detal\u0131 \u00fc\u00e7\u00fcn:<\/p>\n<pre><code>sudo fail2ban-client status sshd<\/code><\/pre>\n<p>Burada ad\u0259t\u0259n bunlar\u0131 g\u00f6r\u0259c\u0259ksiniz:<\/p>\n<ul>\n<li>haz\u0131rda ne\u00e7\u0259 IP izl\u0259nir<\/li>\n<li>ne\u00e7\u0259 IP ban olunub<\/li>\n<li>hans\u0131 log fayl\u0131 izl\u0259nir<\/li>\n<\/ul>\n<h2>Add\u0131m 7: \u018fg\u0259r UFW istifad\u0259 edirsinizs\u0259<\/h2>\n<p>Fail2ban \u0259sas\u0259n firewall qaydalar\u0131 \u00fcz\u0259rind\u0259n i\u015fl\u0259diyi \u00fc\u00e7\u00fcn serverd\u0259 UFW v\u0259 ya iptables\/nftables m\u0259ntiqi d\u00fczg\u00fcn olmal\u0131d\u0131r. UFW aktivdirs\u0259, SSH giri\u015fin\u0259 onsuz da icaz\u0259 verildiyini t\u0259sdiql\u0259yin:<\/p>\n<pre><code>sudo ufw allow OpenSSH\nsudo ufw status<\/code><\/pre>\n<p>\u018fsas fikir budur: normal giri\u015f\u0259 icaz\u0259 qal\u0131r, amma \u00e7oxlu u\u011fursuz c\u0259hd ed\u0259n IP-l\u0259r \u0259lav\u0259 qaydalarla m\u00fcv\u0259qq\u0259ti bloklan\u0131r.<\/p>\n<h2>Tipik praktik konfiqurasiya<\/h2>\n<p>\u018fg\u0259r internet\u0259 a\u00e7\u0131q VPS istifad\u0259 edirsinizs\u0259, bel\u0259 bir baza profil kifay\u0259t q\u0259d\u0259r praktikdir:<\/p>\n<pre><code>[DEFAULT]\nbantime = 1h\nfindtime = 10m\nmaxretry = 5\n\n[sshd]\nenabled = true<\/code><\/pre>\n<p>\u018fg\u0259r art\u0131q SSH key istifad\u0259 edir v\u0259 password login-i s\u00f6nd\u00fcrm\u00fcs\u00fcn\u00fczs\u0259, bu kombinasiya daha yax\u015f\u0131 n\u0259tic\u0259 verir.<\/p>\n<h2>\u018fn \u00e7ox rast g\u0259lin\u0259n probleml\u0259r<\/h2>\n<h3>1. Fail2ban i\u015f\u0259 d\u00fc\u015fm\u00fcr<\/h3>\n<p>\u00c7ox vaxt s\u0259b\u0259b config sintaksisidir. Journal loglar\u0131na bax\u0131n:<\/p>\n<pre><code>sudo journalctl -u fail2ban --no-pager -n 50<\/code><\/pre>\n<h3>2. SSH jail g\u00f6r\u00fcnm\u00fcr<\/h3>\n<p><code>enabled = true<\/code> unudulub v\u0259 ya config override d\u00fczg\u00fcn yerd\u0259 yaz\u0131lmay\u0131b.<\/p>\n<h3>3. Ban olunur, amma t\u0259sir etmir<\/h3>\n<p>Firewall backend v\u0259 ya log yolu uy\u011funsuz ola bil\u0259r. X\u00fcsusil\u0259 custom SSH setup-larda bunu yoxlamaq laz\u0131md\u0131r.<\/p>\n<h3>4. \u00d6z IP-nizi bloklad\u0131n\u0131z<\/h3>\n<p>\u00c7ox s\u0259rt <code>maxretry<\/code> istifad\u0259 etmisinizs\u0259 v\u0259 test zaman\u0131 s\u0259hv parol yazm\u0131s\u0131n\u0131zsa, bu ola bil\u0259r. Ona g\u00f6r\u0259 d\u0259yi\u015fiklikl\u0259ri ed\u0259nd\u0259 m\u00f6vcud sessiyan\u0131 ba\u011flamamaq a\u011f\u0131ll\u0131d\u0131r.<\/p>\n<h2>Fail2ban-\u0131 daha faydal\u0131 ed\u0259n \u0259lav\u0259 add\u0131mlar<\/h2>\n<ul>\n<li>SSH key istifad\u0259 edin<\/li>\n<li>password login-i s\u00f6nd\u00fcr\u00fcn<\/li>\n<li>root login-i ba\u011flay\u0131n<\/li>\n<li>UFW aktiv edin<\/li>\n<li>vacib servisl\u0259r \u00fc\u00e7\u00fcn ayr\u0131ca jail-l\u0259r qurun<\/li>\n<\/ul>\n<p>Y\u0259ni Fail2ban t\u0259k h\u0259ll deyil, amma yax\u015f\u0131 layered security hiss\u0259sidir.<\/p>\n<h2>N\u0259tic\u0259<\/h2>\n<p>Ubuntu 24.04 serverd\u0259 Fail2ban qura\u015fd\u0131rmaq SSH brute-force c\u0259hd\u0259l\u0259rin\u0259 qar\u015f\u0131 \u0259n praktik v\u0259 az x\u0259rcli m\u00fcdafi\u0259l\u0259rd\u0259n biridir. Qura\u015fd\u0131rmas\u0131 s\u00fcr\u0259tlidir, g\u00fcnd\u0259lik idar\u0259si sad\u0259dir v\u0259 x\u00fcsusil\u0259 internet\u0259 a\u00e7\u0131q VPS-l\u0259rd\u0259 d\u0259rhal fayda verir. \u018fg\u0259r serverinizd\u0259 h\u0259l\u0259 aktiv deyils\u0259, bunu UFW v\u0259 SSH key il\u0259 birlikd\u0259 \u0259n yax\u0131n t\u0259hl\u00fck\u0259sizlik add\u0131mlar\u0131n\u0131zdan biri kimi g\u00f6t\u00fcrm\u0259k m\u0259ntiqlidir.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ubuntu 24.04 server internet\u0259 a\u00e7\u0131qd\u0131rsa, bir m\u00fcdd\u0259t sonra SSH loglar\u0131nda eyni m\u0259nz\u0259r\u0259ni g\u00f6r\u0259c\u0259ksiniz: botlar v\u0259 avtomatik skriptl\u0259r davaml\u0131 olaraq giri\u015f c\u0259hdl\u0259ri edir. SSH key istifad\u0259 ets\u0259niz bel\u0259, bu c\u0259hdl\u0259r log-lar\u0131 doldurur v\u0259 \u0259lav\u0259 risk yarad\u0131r. Bu n\u00f6qt\u0259d\u0259 \u0259n praktik m\u00fcdafi\u0259l\u0259rd\u0259n biri Fail2ban qura\u015fd\u0131rmaqd\u0131r. Fail2ban log fayllar\u0131n\u0131 izl\u0259yir, \u00e7ox sayda u\u011fursuz giri\u015f c\u0259hdi g\u00f6r\u0259nd\u0259 h\u0259min IP [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":10928,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[31,17,41],"tags":[],"class_list":["post-10929","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-hosting","category-tutoriallar"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/bitep.net\/blog\/wp-content\/uploads\/2026\/04\/fail2ban-ubuntu-24-04-ssh.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/10929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/comments?post=10929"}],"version-history":[{"count":0,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/10929\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media\/10928"}],"wp:attachment":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media?parent=10929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/categories?post=10929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/tags?post=10929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}