<![CDATA[This study presents a lightweight prototype designed to improve SSH brute-force defense by enabling collaborative IP blocking across multiple servers. The system integrates Fail2Ban with WebSocket to distribute banned IP addresses in real-time among trusted nodes eliminating the need for centralized infrastructure. The experiment was conducted on 3 virtual private servers (VPS), where one acted as the WebSocket server and the others as clients equipped with Fail2Ban. When an SSH brute-force attack is detected, the source IP is automatically shared across the network and blocked on all connected nodes. A qualitative observational approach was used to evaluate the system’s feasibility. Log data from the clients and server was analyzed to confirm the accuracy and consistency of IP synchronization. The results showed that banned IPs were propagated and enforced on all nodes within seconds of detection. These findings demonstrate the potential for decentralized, lightweight collaboration among SSH servers to enhance security without introducing complex infrastructure or external dependencies.]]>
Copyrights © 2025
