Protection from spammers and slowing down brute force attacks should always be used especially with cheap VPS / cloud computing as well as the botnets. Whilst there are no 100% way of preventing the issue there are software to help stop constant attacks. fail2ban is one such software which scans logs and detects constant attacks.
The software uses log files and scans them for consistent failed attempts from the same source. Once this is detected it will automatically block the source connection from further attempts for a period of times. Imagine a friend picks up your phone and keeps entering the wrong pin. They start from 1111, 1112, 1113, etc. Eventually by going through every pin combination they will eventually guess your pin and gain access to your phone. One way to slow them down is to add a timeout after say 3 bad attempts of 30 seconds. So after the third bad pin entry the phone will not allow any more guesses for 30 seconds (including yourself).
Now imagine a computer was trying to do the same thing with a password. It can type a lot quicker than your friend and will get eventually guess the right pin faster. With a timeout it will take longer slowing them down. This is the concept of how fail2ban works.
This article will go through installing fail2ban on Ubuntu 12.04.
Install fail2ban:
sudo apt-get install fail2ban
Copy the default configuration file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit the file default file at /etc/fail2ban/jail.local
Each monitored system usually starts with [name of system] with the configuration under it. The first section is the [DEFAULT] which applies to any non customised settings in the individual settings. The default is generally can be used as is. Most of the checks on services are disabled so go through each one and change the enabled parameter from false to true to enable them.
For SSH there’s a [SSH] section. The port will be default to this:
port = ssh
If SSH runs on any port other than the default 22 then change ssh to the port number.
How To Protect SSH with fail2ban on Ubuntu 12.04