{"id":11122,"date":"2026-04-20T03:01:35","date_gmt":"2026-04-20T03:01:35","guid":{"rendered":"https:\/\/bitep.net\/blog\/2026\/04\/20\/fail2ban-nedir-server-tehlukesizliyi\/"},"modified":"2026-04-20T03:01:50","modified_gmt":"2026-04-20T03:01:50","slug":"fail2ban-nedir-server-tehlukesizliyi","status":"publish","type":"post","link":"https:\/\/bitep.net\/blog\/2026\/04\/20\/fail2ban-nedir-server-tehlukesizliyi\/","title":{"rendered":"Fail2Ban n\u0259dir? Server t\u0259hl\u00fck\u0259sizliyind\u0259 brute-force c\u0259hdl\u0259rini nec\u0259 azald\u0131r?"},"content":{"rendered":"

Server t\u0259hl\u00fck\u0259sizliyi m\u00f6vzusunda tez-tez e\u015fidil\u0259n, amma h\u0259r k\u0259sin praktik m\u0259ntiqini tam ba\u015fa d\u00fc\u015fm\u0259diyi al\u0259tl\u0259rd\u0259n biri Fail2Ban<\/strong>d\u0131r. X\u00fcsusil\u0259 VPS, Linux server, SSH giri\u015fi v\u0259 internet\u0259 a\u00e7\u0131q xidm\u0259tl\u0259r olan m\u00fchitl\u0259rd\u0259 bu ad tez-tez qar\u015f\u0131ya \u00e7\u0131x\u0131r. Ad\u0259t\u0259n bel\u0259 deyilir: \u201cFail2Ban qur, yax\u015f\u0131 olar\u201d. Amma \u0259sas sual budur: Fail2Ban n\u0259 edir v\u0259 niy\u0259 vacibdir?<\/strong><\/p>\n

Az\u0259rbaycanca server t\u0259hl\u00fck\u0259sizliyi m\u00f6vzular\u0131nda bu anlay\u0131\u015f b\u0259z\u0259n \u00e7ox q\u0131sa ke\u00e7ir. Halbuki SSH brute-force h\u00fccumlar\u0131, login c\u0259hdl\u0259ri v\u0259 log \u0259sasl\u0131 m\u00fcdafi\u0259 m\u0259ntiqini ba\u015fa d\u00fc\u015fm\u0259k server admin \u00fc\u00e7\u00fcn \u00e7ox vacibdir. Bu yaln\u0131z b\u00f6y\u00fck \u015firk\u0259tl\u0259r \u00fc\u00e7\u00fcn yox, sad\u0259 VPS i\u015fl\u0259d\u0259n istifad\u0259\u00e7il\u0259r \u00fc\u00e7\u00fcn d\u0259 real d\u0259y\u0259r da\u015f\u0131y\u0131r.<\/p>\n

Bu yaz\u0131da Fail2Ban n\u0259dir, nec\u0259 i\u015fl\u0259yir, hans\u0131 problemi h\u0259ll edir, firewall-dan f\u0259rqi n\u0259dir, SSH t\u0259hl\u00fck\u0259sizliyind\u0259 niy\u0259 faydal\u0131d\u0131r v\u0259 istifad\u0259 ed\u0259nd\u0259 n\u0259l\u0259r\u0259 diqq\u0259t etm\u0259k laz\u0131md\u0131r, bunlar\u0131 sad\u0259 dill\u0259 izah ed\u0259c\u0259yik.<\/p>\n

Fail2Ban n\u0259dir?<\/h2>\n

Fail2Ban<\/strong> server log-lar\u0131n\u0131 izl\u0259y\u0259n v\u0259 \u015f\u00fcbh\u0259li v\u0259 ya t\u0259krarlanan u\u011fursuz giri\u015f c\u0259hdl\u0259rin\u0259 qar\u015f\u0131 avtomatik m\u00fcdaxil\u0259 ed\u0259n t\u0259hl\u00fck\u0259sizlik al\u0259tidir. Sad\u0259 dill\u0259 des\u0259k, kims\u0259 server\u0259 d\u0259f\u0259l\u0259rl\u0259 s\u0259hv login etm\u0259y\u0259 \u00e7al\u0131\u015f\u0131rsa, Fail2Ban bunu g\u00f6r\u00fcb h\u0259min IP-ni m\u00fc\u0259yy\u0259n m\u00fcdd\u0259t bloklaya bil\u0259r.<\/p>\n

Bu, x\u00fcsusil\u0259 brute-force tipli h\u00fccumlar\u0131n t\u0259sirini azaltmaq \u00fc\u00e7\u00fcn istifad\u0259 olunur.<\/p>\n

Brute-force h\u00fccumu n\u0259dir?<\/h2>\n

Brute-force h\u00fccumu odur ki, bir sistem\u0259 giri\u015f \u0259ld\u0259 etm\u0259k \u00fc\u00e7\u00fcn \u00e7oxlu sayda parol v\u0259 ya login kombinasiyas\u0131 avtomatik s\u0131naqdan ke\u00e7irilir. \u0130nternet\u0259 a\u00e7\u0131q SSH, mail v\u0259 b\u0259zi web xidm\u0259tl\u0259rind\u0259 bu tip c\u0259hdl\u0259r tez-tez rast g\u0259linir.<\/p>\n

Y\u0259ni h\u00fccum ed\u0259n biri bir d\u0259f\u0259 yox, y\u00fczl\u0259rl\u0259 v\u0259 ya minl\u0259rl\u0259 d\u0259f\u0259 giri\u015f yoxlay\u0131r. Fail2Ban da m\u0259hz bu davran\u0131\u015f\u0131 log-lar \u00fcz\u0259rind\u0259n g\u00f6r\u00fcb reaksiya ver\u0259 bilir.<\/p>\n

Fail2Ban nec\u0259 i\u015fl\u0259yir?<\/h2>\n

M\u0259ntiqi sad\u0259dir:<\/p>\n

    \n
  1. Serverd\u0259 m\u00fc\u0259yy\u0259n log fayllar\u0131 izl\u0259nir<\/li>\n
  2. U\u011fursuz login v\u0259 ya \u015f\u00fcbh\u0259li pattern a\u015fkarlan\u0131r<\/li>\n
  3. M\u00fc\u0259yy\u0259n say h\u0259ddi ke\u00e7il\u0259nd\u0259 h\u0259min IP \u00fc\u00e7\u00fcn qayda t\u0259tbiq olunur<\/li>\n
  4. IP m\u00fcv\u0259qq\u0259ti v\u0259 ya m\u00fc\u0259yy\u0259n siyas\u0259t\u0259 g\u00f6r\u0259 bloklan\u0131r<\/li>\n<\/ol>\n

    Y\u0259ni Fail2Ban \u201ckimis\u0259 \u0259vv\u0259lc\u0259d\u0259n tan\u0131y\u0131r\u201d dey\u0259 yox, davran\u0131\u015fa baxaraq q\u0259rar verir.<\/p>\n

    Fail2Ban firewall-d\u0131rm\u0131?<\/h2>\n

    Tam olaraq yox. Fail2Ban \u00f6z\u00fc klassik m\u0259nada firewall deyil, amma firewall qaydalar\u0131 il\u0259 i\u015fl\u0259yir v\u0259 onlardan istifad\u0259 ed\u0259 bilir. Sad\u0259 dill\u0259 des\u0259k, o daha \u00e7ox q\u0259rar ver\u0259n v\u0259 reaksiya ba\u015fladan qatd\u0131r. Bloklama is\u0259 \u00e7ox vaxt iptables, nftables v\u0259 ya ox\u015far mexanizm \u00fcz\u0259rind\u0259n t\u0259tbiq olunur.<\/p>\n

    Bu s\u0259b\u0259bd\u0259n Fail2Ban il\u0259 firewall bir-birini \u0259v\u0259z etmir, bir-birini tamamlay\u0131r.<\/p>\n

    SSH \u00fc\u00e7\u00fcn niy\u0259 bu q\u0259d\u0259r vacibdir?<\/h2>\n

    SSH internet\u0259 a\u00e7\u0131q olduqda avtomatik login c\u0259hdl\u0259ri tez-tez olur. X\u00fcsusil\u0259 parol login a\u00e7\u0131qd\u0131rsa, bu risk art\u0131r. Fail2Ban bel\u0259 c\u0259hdl\u0259ri tam dayand\u0131rmasa da, onlar\u0131 ciddi \u015f\u0259kild\u0259 yava\u015f\u0131da v\u0259 daha \u00e7\u0259tin ed\u0259 bil\u0259r.<\/p>\n

    Praktik faydalar\u0131 bunlard\u0131r:<\/p>\n

      \n
    • t\u0259krarlanan s\u0259hv login c\u0259hdl\u0259rini bloklay\u0131r<\/li>\n
    • brute-force t\u0259zyiqini azald\u0131r<\/li>\n
    • log \u0259sasl\u0131 avtomatik m\u00fcdafi\u0259 yarad\u0131r<\/li>\n
    • SSH t\u0259hl\u00fck\u0259sizlik qat\u0131n\u0131 g\u00fccl\u0259ndirir<\/li>\n<\/ul>\n

      Fail2Ban t\u0259kba\u015f\u0131na kifay\u0259tdirmi?<\/h2>\n

      Yox. Bu \u00e7ox vacib m\u0259qamd\u0131r. Fail2Ban faydal\u0131d\u0131r, amma t\u0259k m\u00fcdafi\u0259 x\u0259tti olmamal\u0131d\u0131r. Sa\u011flam server t\u0259hl\u00fck\u0259sizliyind\u0259 a\u015fa\u011f\u0131dak\u0131lar da vacibdir:<\/p>\n

        \n
      • SSH key istifad\u0259 etm\u0259k<\/li>\n
      • root login siyas\u0259tini s\u0259rtl\u0259\u015fdirm\u0259k<\/li>\n
      • g\u00fccl\u00fc parol v\u0259 ya \u00fcmumiyy\u0259tl\u0259 parol login-i ba\u011flamaq<\/li>\n
      • firewall qaydalar\u0131n\u0131 d\u00fczg\u00fcn qurmaq<\/li>\n
      • serveri yenil\u0259m\u0259k<\/li>\n<\/ul>\n

        Y\u0259ni Fail2Ban yax\u015f\u0131 al\u0259tdir, amma b\u00fct\u00fcn t\u0259hl\u00fck\u0259sizlik strategiyas\u0131n\u0131n t\u0259k \u00f6z\u00fc deyil.<\/p>\n

        Fail2Ban hans\u0131 xidm\u0259tl\u0259r \u00fc\u00e7\u00fcn istifad\u0259 oluna bil\u0259r?<\/h2>\n

        \u018fn \u00e7ox SSH \u00fc\u00e7\u00fcn d\u00fc\u015f\u00fcn\u00fcl\u00fcr, amma yaln\u0131z SSH il\u0259 m\u0259hdudla\u015fm\u0131r. M\u00fc\u0259yy\u0259n hallarda ba\u015fqa servis log-lar\u0131 \u00fc\u00e7\u00fcn d\u0259 qaydalar qurmaq m\u00fcmk\u00fcnd\u00fcr. M\u0259s\u0259l\u0259n:<\/p>\n

          \n
        • mail servis login c\u0259hdl\u0259ri<\/li>\n
        • web server auth log-lar\u0131<\/li>\n
        • b\u0259zi admin panel v\u0259 reverse proxy log-lar\u0131<\/li>\n<\/ul>\n

          Y\u0259ni \u0259sas fikir budur: log var v\u0259 orada \u015f\u00fcbh\u0259li pattern g\u00f6r\u00fcn\u00fcrs\u0259, Fail2Ban bu pattern \u00fcz\u0259rind\u0259n m\u00fcdafi\u0259 qura bil\u0259r.<\/p>\n

          Yanl\u0131\u015f konfiqurasiya n\u0259 problem yarada bil\u0259r?<\/h2>\n

          \u018fn \u00e7ox qorxulan \u015feyl\u0259rd\u0259n biri \u00f6z\u00fcn\u00fcz\u00fc serverd\u0259n bloklamaqd\u0131r. \u018fg\u0259r h\u0259ddl\u0259r \u00e7ox s\u0259rt qurulsa v\u0259 ya allowlist d\u00fczg\u00fcn yaz\u0131lmasa, admin \u00f6z\u00fc d\u0259 bloklana bil\u0259r. Buna g\u00f6r\u0259 konfiqurasiyada balans vacibdir.<\/p>\n

          Dig\u0259r riskl\u0259r:<\/p>\n

            \n
          • yanl\u0131\u015f log fayl\u0131 izl\u0259m\u0259k<\/li>\n
          • h\u0259ddind\u0259n art\u0131q aqressiv ban siyas\u0259ti<\/li>\n
          • etibarl\u0131 IP-l\u0259r \u00fc\u00e7\u00fcn istisna verm\u0259m\u0259<\/li>\n
          • xidm\u0259t d\u0259yi\u015fs\u0259 d\u0259 qaydalar\u0131 yenil\u0259m\u0259m\u0259<\/li>\n<\/ul>\n

            Fail2Ban performansa \u00e7ox t\u0259sir edirmi?<\/h2>\n

            \u018fks\u0259r sad\u0259 v\u0259 orta \u00f6l\u00e7\u00fcl\u00fc VPS m\u00fchitl\u0259rind\u0259 ciddi problem yaratm\u0131r. \u00c7\u00fcnki \u0259sas i\u015fi log izl\u0259m\u0259k v\u0259 m\u00fc\u0259yy\u0259n hadis\u0259l\u0259r\u0259 reaksiya verm\u0259kdir. Amma yen\u0259 d\u0259 h\u0259r t\u0259hl\u00fck\u0259sizlik al\u0259ti kimi d\u00fczg\u00fcn qurulmal\u0131d\u0131r. \u00c7ox qar\u0131\u015f\u0131q v\u0259 n\u0259zar\u0259tsiz konfiqurasiya h\u0259mi\u015f\u0259 yax\u015f\u0131 fikir deyil.<\/p>\n

            WordPress istifad\u0259\u00e7isi \u00fc\u00e7\u00fcn bu niy\u0259 vacib ola bil\u0259r?<\/h2>\n

            \u018fg\u0259r WordPress shared hosting-d\u0259dirs\u0259, istifad\u0259\u00e7i h\u0259r zaman Fail2Ban-a birba\u015fa n\u0259zar\u0259t etmir. Amma WordPress VPS \u00fcz\u0259rind\u0259dirs\u0259, Nginx\/Apache, SSH v\u0259 admin s\u0259viyy\u0259li giri\u015fl\u0259r olan m\u00fchitl\u0259rd\u0259 bu al\u0259t praktik d\u0259y\u0259r qazan\u0131r. X\u00fcsusil\u0259 \u00f6z serverini \u00f6z\u00fc idar\u0259 ed\u0259nl\u0259r \u00fc\u00e7\u00fcn bu, real t\u0259hl\u00fck\u0259sizlik qat\u0131d\u0131r.<\/p>\n

            BITEP Hosting bax\u0131m\u0131ndan bu niy\u0259 vacibdir?<\/h2>\n

            Server t\u0259hl\u00fck\u0259sizliyi yaln\u0131z antivirus v\u0259 ya t\u0259k firewall qaydas\u0131 il\u0259 bitmir. Giri\u015f c\u0259hdl\u0259rinin nec\u0259 izl\u0259nm\u0259si v\u0259 \u015f\u00fcbh\u0259li davran\u0131\u015flara nec\u0259 reaksiya verilm\u0259si d\u0259 vacibdir. Fail2Ban bu m\u0259ntiqd\u0259 praktik v\u0259 faydal\u0131 al\u0259tdir, x\u00fcsusil\u0259 SSH v\u0259 internet\u0259 a\u00e7\u0131q xidm\u0259tl\u0259r \u00fc\u00e7\u00fcn.<\/p>\n

            BITEP Hosting kimi yana\u015fmada m\u0259qs\u0259d serveri sad\u0259c\u0259 a\u00e7\u0131q saxlamaq yox, onu laz\u0131ms\u0131z h\u00fccum s\u0259thin\u0259 qar\u015f\u0131 daha dayan\u0131ql\u0131 etm\u0259kdir. Fail2Ban da bu dayan\u0131ql\u0131q qatlar\u0131ndan biridir.<\/p>\n

            \u018fn \u00e7ox edil\u0259n s\u0259hvl\u0259r<\/h2>\n
              \n
            • Fail2Ban qurub dig\u0259r t\u0259hl\u00fck\u0259sizlik t\u0259dbirl\u0259rini unutmaq<\/li>\n
            • SSH key \u0259v\u0259zin\u0259 h\u0259l\u0259 d\u0259 z\u0259if parollara g\u00fcv\u0259nm\u0259k<\/li>\n
            • allowlist v\u0259 etibarl\u0131 IP siyas\u0259tini d\u00fc\u015f\u00fcnm\u0259m\u0259k<\/li>\n
            • yanl\u0131\u015f log v\u0259 ya yanl\u0131\u015f service \u00fc\u00e7\u00fcn qayda yazmaq<\/li>\n
            • ban parametrl\u0259rini s\u0259b\u0259bsiz h\u0259dd\u0259n art\u0131q s\u0259rtl\u0259\u015fdirm\u0259k<\/li>\n<\/ul>\n

              N\u0259tic\u0259<\/h2>\n

              Fail2Ban server log-lar\u0131n\u0131 izl\u0259y\u0259r\u0259k t\u0259krarlanan u\u011fursuz giri\u015f c\u0259hdl\u0259rin\u0259 qar\u015f\u0131 avtomatik blok t\u0259tbiq ed\u0259n praktik t\u0259hl\u00fck\u0259sizlik al\u0259tidir. X\u00fcsusil\u0259 SSH brute-force c\u0259hdl\u0259rini azaltmaq \u00fc\u00e7\u00fcn faydal\u0131d\u0131r v\u0259 VPS, Linux server, DevOps m\u00fchitl\u0259rind\u0259 real d\u0259y\u0259r verir.<\/p>\n

              \u018fn do\u011fru yana\u015fma budur: Fail2Ban-\u0131 t\u0259k m\u00f6c\u00fcz\u0259 h\u0259ll kimi yox, server t\u0259hl\u00fck\u0259sizliyinin bir qat\u0131 kimi d\u00fc\u015f\u00fcn\u00fcn. SSH key, firewall, update v\u0259 d\u00fczg\u00fcn login siyas\u0259ti il\u0259 birlikd\u0259 istifad\u0259 ed\u0259nd\u0259 daha sa\u011flam n\u0259tic\u0259 verir.<\/p>\n

              Q\u0131sa x\u00fclas\u0259<\/h2>\n
                \n
              • Fail2Ban log \u0259sasl\u0131 avtomatik m\u00fcdafi\u0259 al\u0259tidir<\/li>\n
              • t\u0259krarlanan u\u011fursuz login c\u0259hdl\u0259rini g\u00f6r\u00fcb IP bloklaya bil\u0259r<\/li>\n
              • x\u00fcsusil\u0259 SSH brute-force c\u0259hdl\u0259rin\u0259 qar\u015f\u0131 faydal\u0131d\u0131r<\/li>\n
              • firewall-\u0131 \u0259v\u0259z etmir, onu tamamlay\u0131r<\/li>\n
              • SSH key v\u0259 dig\u0259r t\u0259hl\u00fck\u0259sizlik t\u0259dbirl\u0259ri il\u0259 birlikd\u0259 istifad\u0259 olunmal\u0131d\u0131r<\/li>\n<\/ul>\n

                Qeyd:<\/strong> M\u0259qal\u0259 Linux server t\u0259hl\u00fck\u0259sizliyi, SSH m\u00fcdafi\u0259si v\u0259 log \u0259sasl\u0131 avtomatik bloklama praktikalar\u0131 \u0259sas\u0131nda haz\u0131rlan\u0131b.<\/p>\n","protected":false},"excerpt":{"rendered":"

                Fail2Ban n\u0259dir, server t\u0259hl\u00fck\u0259sizliyind\u0259 brute-force c\u0259hdl\u0259rini nec\u0259 azald\u0131r, SSH m\u00fcdafi\u0259sind\u0259 niy\u0259 faydal\u0131d\u0131r, bu yaz\u0131da sad\u0259 dill\u0259 izah olunur.<\/p>\n","protected":false},"author":1,"featured_media":11121,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[31,16,41],"tags":[],"class_list":["post-11122","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-domain","category-tutoriallar"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/bitep.net\/blog\/wp-content\/uploads\/2026\/04\/fail2ban-nedir-server-tehlukesizliyi-replicate.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/11122","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/comments?post=11122"}],"version-history":[{"count":1,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/11122\/revisions"}],"predecessor-version":[{"id":11123,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/11122\/revisions\/11123"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media\/11121"}],"wp:attachment":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media?parent=11122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/categories?post=11122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/tags?post=11122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}