fail2ban scans log files for repeated failures (like SSH login attempts) and automatically firewalls the offending IPs. It's one of the easiest, highest-value defences for any VPS.

Install

sudo apt install fail2ban -y
sudo systemctl enable --now fail2ban

Configure a local jail

Never edit the default file — create /etc/fail2ban/jail.local:

[sshd]
enabled = true
maxretry = 4
bantime = 1h
findtime = 10m

This bans an IP for an hour after 4 failed SSH logins within 10 minutes.

Check what it's doing

sudo fail2ban-client status
sudo fail2ban-client status sshd

Protect more than SSH

fail2ban ships jails for Nginx, Apache, WordPress and mail servers too — enable the ones relevant to your stack. Combined with SSH keys and a firewall, it stops the constant background noise of brute-force bots cold.