Implementation and Evaluation of a Brute Force Attack Prevention System on a Web Server Using Fail2ban

Rosyadi, Irfan (2026) Implementasi dan Evaluasi Sistem Pencegahan Serangan Brute Force pada Web Server Menggunakan Fail2ban. Undergraduate thesis, Universitas Muhammadiyah Malang.


Abstract

A web server is an essential component of internet services that processes user
requests through the HTTP/HTTPS protocol. However, web servers are also
vulnerable to various security threats, one of which is brute force attacks targeting
web login pages. This type of attack is carried out by repeatedly trying different
combinations of usernames and passwords until valid credentials are found. This
study aims to implement and evaluate Fail2Ban as a brute force prevention system
for the WordPress login page in a Linux-based virtual server environment. The
research method used is an experimental approach by comparing conditions before
and after the implementation of Fail2Ban, as well as testing variations of the
maxretry, findtime, and bantime parameters to examine their effect on blocking
effectiveness and the potential for false positives. The test results show that under
the baseline condition without Fail2Ban, brute force attacks could continue without
interruption, reaching a total of 420 failed login attempts within 10 minutes. After
Fail2Ban was activated using the main configuration of maxretry 5, findtime 10
minutes, and bantime 3 minutes, the attacker’s IP address was successfully blocked
after 5 failed attempts within 38 seconds. The parameter variation results indicate
that stricter configurations accelerate blocking but increase the risk of false
positives, while more lenient configurations are more tolerant of legitimate users
but provide attackers with more opportunity to continue their attempts. In terms of
performance, the implementation of Fail2Ban helped maintain login service
stability by reducing the increase in server load caused by repeated login attempts.
Based on these findings, Fail2Ban is considered effective as a basic prevention
mechanism against brute force attacks on WordPress login pages in a controlled
testing environment.

Item Type: Thesis (Undergraduate)
Student ID: 202010370311139
Keywords: brute force, Fail2Ban, WordPress, web server, server security, virtual machine
Subjects: T Technology > T Technology (General)
Divisions: Faculty of Engineering > Department of Informatics (55201)
Depositing User: 202010370311139 irfan64bit
Date Deposited: 11 May 2026 05:27
Last Modified: 11 May 2026 05:27
URI: https://eprints.umm.ac.id/id/eprint/29778
