Author: applegater

  • I did build an Arista Firewall for Sunrise Village to protect against DDoS.

    I built another mini computer for Sunrise Village and added another network card to it for the internal and external networks. Not only that, but I also set Internal to “bridge” and ran my modem wire to the firewall’s “external” port, and then the firewall’s “internal” port to a 1-gigabit switch, so I can put more servers on one 1-gig switch. We had static IPs, and we’re using these on our server, so my firewall will not protect my server until I create rules and Firewall and Threat Prevention and Virus Blocker.

    We can upgrade to 2.5-gig or 10-gig speed on our server and firewall, but our plan is 600 Mbps and 200 Mbps upload, so it is enough for all my servers to be hosted on the switch.

    Not only that, but we have three locations that require a firewall. I set up a firewall at Sunrise Village a few days ago, and it is working well. We need to protect where our server is, which runs all of our store network, Slack alternative and cloud storage.

    User 1: Omada TpLink Router Hosting
    User 2: Web and Email Hosting
    User 3: all apps in one server solution.

    A firewall serves as a safeguard against distributed denial-of-service attacks on the Internet.
    The firewall on our modem is weak, and we’re still getting DDoS attacks. We need a better firewall, so we can’t worry about our server and network systems.

  • How to Protect Your SSH Server from Brute-Force Attacks with Fail2Ban on Ubuntu


    Fail2Ban is a free Python tool that helps protect Linux servers from brute-force attacks. It’s especially useful for securing SSH. With Fail2Ban, you can automatically block IPs that try to guess passwords on your server.

    Why Use Fail2Ban for SSH Protection?

    Brute-force attacks can cause thousands of failed login attempts every day. If your server uses password-based logins, you need a way to block attackers. Fail2Ban watches your log files and blocks any IP that tries—and fails—too many times.


    Step 1: Update Your Ubuntu Server

    First, make sure your system is up to date:

    sudo apt update && sudo apt upgrade
    

    Step 2: Install Fail2Ban

    Install Fail2Ban using apt:

    sudo apt-get install fail2ban
    

    Enable Fail2Ban to start automatically:

    sudo systemctl enable fail2ban.service
    

    Step 3: Configure SSH Protection

    Do not edit the default config file (/etc/fail2ban/jail.conf); a package update can overwrite your changes.
    Instead, create a new file for your custom settings:

    sudo nano /etc/fail2ban/jail.local
    

    Add these lines to protect your SSH server:

    [sshd]
    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 3
    findtime = 300
    bantime = 3600
    ignoreip = 127.0.0.1
    

    What these settings mean:

    • enabled: Turns on protection for SSH
    • maxretry: Blocks an IP after 3 failed logins
    • findtime: Looks for failed attempts in a 5-minute window (300 seconds)
    • bantime: Blocks the IP for 1 hour (3600 seconds)
    • ignoreip: Never blocks the listed addresses (here 127.0.0.1, the server's own loopback address)

    Step 4: Restart Fail2Ban

    Apply your new settings by restarting Fail2Ban:

    sudo systemctl restart fail2ban.service
    

    Now, Fail2Ban will automatically block any IP that fails to log in 3 times within 5 minutes.
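
The following Python sketch is an added example, not part of the original post or of Fail2Ban itself: it models how the maxretry, findtime and bantime values from Step 3 interact, run over constructed auth.log lines. The regular expression is a simplified stand-in for the sshd filter, and the hostname and addresses are made up.

```python
import re
from datetime import datetime, timedelta

# Values from the [sshd] jail in Step 3
MAXRETRY, FINDTIME, BANTIME = 3, 300, 3600
IGNOREIP = {"127.0.0.1"}
# Simplified stand-in for the sshd filter (assumption, not Fail2Ban's own regex)
FAILED = re.compile(
    r"^(\w{3} \d\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

# Constructed auth.log lines; addresses are from documentation ranges
SAMPLE_LOG = """\
Jan 15 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 15 10:00:09 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 15 10:00:21 web1 sshd[813]: Failed password for root from 203.0.113.7 port 40141 ssh2
Jan 15 10:01:00 web1 sshd[820]: Failed password for bob from 198.51.100.9 port 60001 ssh2
Jan 15 10:04:00 web1 sshd[821]: Failed password for bob from 198.51.100.9 port 60002 ssh2
Jan 15 10:07:30 web1 sshd[822]: Failed password for bob from 198.51.100.9 port 60003 ssh2
Jan 15 10:08:00 web1 sshd[830]: Failed password for root from 127.0.0.1 port 2222 ssh2
Jan 15 10:08:01 web1 sshd[830]: Failed password for root from 127.0.0.1 port 2222 ssh2
Jan 15 10:08:02 web1 sshd[830]: Failed password for root from 127.0.0.1 port 2222 ssh2
"""

def simulate(log, year=2024):
    """Return [(ip, ban_start, ban_end)] for the jail settings above."""
    recent, banned_until, bans = {}, {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # only failed password attempts count
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in IGNOREIP or (ip in banned_until and ts < banned_until[ip]):
            continue  # ignored address, or already banned at this time
        # keep only earlier failures still inside the findtime window
        window = [t for t in recent.get(ip, []) if (ts - t).total_seconds() <= FINDTIME] + [ts]
        recent[ip] = window
        if len(window) >= MAXRETRY:
            end = ts + timedelta(seconds=BANTIME)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            recent[ip] = []
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

In the sample, 198.51.100.9 fails three times in a row but spread over more than five minutes, so it is never banned; raise findtime if slow guessing like this should also trigger a ban.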


    How to Unban an IP Address

    If you need to remove a ban, follow this guide on unbanning with Fail2Ban.


    With Fail2Ban, your Ubuntu server has stronger SSH brute-force protection. This makes your server safer and gives you peace of mind.

  • Upgrade network Shelf to cabinet network

    The excessive wiring and the way everything was stacked weren’t viable long-term solutions. I approached my supervisor to request an upgrade to a more secure and durable setup. Installing a network cabinet would help cut down on dust buildup and prevent overheating. Plus, adding an exhaust fan to the cabinet would efficiently vent hot air, making it easier to keep the system cool. We still have three more locations to take care of before the network cabinet installations are fully finished.

    Before
    I intend to rewire and cable everything next month to ensure proper cable management.
    After.


    More pictures of other stores:
