Docs / Security / Securing Your VPS with CrowdSec

Securing Your VPS with CrowdSec

By Admin · Feb 25, 2026 · Updated Apr 23, 2026 · 133 views · 1 min read

What Is CrowdSec?

CrowdSec is a modern, open-source intrusion prevention system. It analyzes logs, detects attacks, and applies remediation (blocking IPs). Its community-based threat intelligence shares attack data across all installations.

Installation

curl -s https://install.crowdsec.net | sudo sh
sudo apt install -y crowdsec crowdsec-firewall-bouncer-iptables

How It Works

  1. Log parsing — CrowdSec reads logs from Nginx, SSH, etc.
  2. Scenario matching — detects brute force, scanning, exploitation attempts
  3. Decision — creates a ban decision for the offending IP
  4. Bouncer — the firewall bouncer enforces the ban

Check Status

# View active decisions (bans)
sudo cscli decisions list

# View installed scenarios
sudo cscli scenarios list

# View metrics
sudo cscli metrics

Install Additional Scenarios

# Browse available scenarios
sudo cscli hub list

# Install collections for common services
sudo cscli collections install crowdsecurity/nginx
sudo cscli collections install crowdsecurity/sshd
sudo cscli collections install crowdsecurity/linux

sudo systemctl reload crowdsec

Manual IP Management

# Ban an IP for 24 hours
sudo cscli decisions add --ip 1.2.3.4 --duration 24h --reason "manual ban"

# Unban an IP
sudo cscli decisions delete --ip 1.2.3.4

# Whitelist an IP
sudo cscli parsers install crowdsecurity/whitelists
# Edit /etc/crowdsec/parsers/s02-enrich/whitelists.yaml

CrowdSec vs Fail2Ban

FeatureCrowdSecFail2Ban
Threat intelligenceCommunity-sharedLocal only
PerformanceGo-based, fastPython, slower
BouncersMultiple (firewall, Nginx, Cloudflare)iptables only
DashboardWeb console availableCLI only

Was this article helpful?

Related Articles