# Fail2Ban versus CSF?



## vpsnewb (Oct 11, 2013)

Which one do you think is better? I have lot of experience with CSF on cpanel servers but not on a server without it. I've never used fail2ban before. Which one would be better for a vps that has no control panel?


----------



## Amitz (Oct 11, 2013)

I would say that the two have different applications: One (CSF) is a firewall frontend with Intrusion Detection Service (LFD) and the other is a plain Intrusion Detection Service (fail2ban). If you do not need the firewall part of CSF, then I would go with fail2ban.


----------



## wlanboy (Oct 11, 2013)

As Amitz said: Two different purposes.

I do prefer fail2ban because it is quite easy to write new regex statements to watch every logfile you want.


----------



## jarland (Oct 11, 2013)

Base functionality for the average user, fail2ban and LFD will be no noticeable difference. Of course, CSF is a nice easy way to fine tune iptables for the average user and for that I highly recommend it.


----------



## Increhost (Oct 11, 2013)

For web hosting enviroments LFD is great, sometimes port scan gives a little trouble

with false positives, so you need to keep an eye on them.

CSF is very nice, and has evolved since it's creation, so in combination with

LFD they do a great job.

But... you have to keep track of the logs, if you use mod_security rules, you could block

forever everybody if a rule doesn't like a website (not just http block but ip blocking too).

Anyway, as people already told, they're different, but CSF+LFD is totally recommendable.

cheers!


----------



## Lee (Oct 11, 2013)

vpsnewb said:


> Which one do you think is better? I have lot of experience with CSF on cpanel servers but not on a server without it. I've never used fail2ban before. Which one would be better for a vps that has no control panel?


Bear in mind you can still use CSF just like you would as it were cPanel, editing the config file from the command line is just like seeing the editor page in cPanel so if you are familiar with it stick with it.


----------



## eva2000 (Oct 11, 2013)

I use CSF on both WHM/Cpanel and my Centmin Mod Nginx installer (non-gui CSF). But apparently you can also use CSF + Fail2ban as long as you configure Fail2ban to NOT conflict with what CSF can do and just leave Fail2ban to do stuff CSF can't do.

I'm still noob to Fail2ban so testing this theory out and using it just as type of WAF for brute force attacks against wordpress and vbulletin (basically emptying out /etc/fail2ban/jail.local with just wordpress and vbulletin settings.


----------



## Magiobiwan (Oct 11, 2013)

CSF has a nice Webmin Module which you can use it with, if you don't have cPanel on your server. I use CSF on my servers through Webmin, and it works quite nicely. After I realized I should whitelist all the IPs I might possibly use to connect... Accidentally blocked myself from SSHing in!


----------



## clarity (Oct 11, 2013)

I am also pretty sure that CSF has its own web-GUI now.


----------



## drmike (Oct 12, 2013)

Someone, please, consider a CSF tutorial for newbs... I could use it


----------



## Kakashi (Oct 14, 2013)

CSF has always been very good to me.  :wub:


----------



## rupe (Oct 28, 2013)

drmike said:


> Someone, please, consider a CSF tutorial for newbs... I could use it


Yes this would be nice. I'm going to try and find a good one using google, and, if I succeed, will post link here.

I'm using fail2ban, but will add csf, as well, from now on.

I just did a quick install on one of my 'test' VPSes, and see that it didn't enable LFD, which is appropriate for my setup (fail2ban covers LFD's function).


----------

