
fail2ban is a critical piece of security software, as is some firewall. For those new to Linux, you might as well use the one that is super-easy to install.





The opposite is true about fail2ban: it's cargo-cult security, and people shouldn't be running it. It never made any sense, but it especially makes no sense if you're going to (sensibly) disable password authentication.

I agree for ssh - but I use it on a couple servers that have WordPress for the sole purpose of blocking IPs that engage in brute force attempts.

It has a real and dramatic impact on a few things - I got CPU warnings from one server a couple weeks back because I'd inadvertently broken logging and fail2ban stopped working and someone was doing a persistent brute force at high volume for 8 hours.

After I fixed fail2ban it dropped off immediately. I know some WordPress plugins will do this but I've not had much success with them compared to fail2ban so it's still my default for this purpose.

Are there better system-level approaches than fail2ban in this case? Or is your comment mostly directed towards those using it for ssh blocking?


Just SSH.


