CrowdSec on an Anubiz Offshore VPS
CrowdSec is fail2ban's modern successor: it parses logs locally, pushes anonymized signals to a central API, and pulls a community blocklist back. On an Anubiz VPS it shaves probe traffic significantly because the community list catches scanners hours before they reach you. This guide installs CrowdSec on Ubuntu 24.04 with the nftables bouncer and three log parsers (sshd, nginx, postfix).
Need this done for your project?
We implement, you ship. Async, documented, done in days.
Step 1: Install
Add the CrowdSec repo, apt install crowdsec. The engine starts on install. Check status: cscli metrics.
Step 2: Collections
cscli collections install crowdsecurity/sshd, crowdsecurity/nginx, crowdsecurity/postfix. Each pulls parser, scenario and whitelist for that service.
Step 3: nftables Bouncer
apt install crowdsec-firewall-bouncer-nftables. The bouncer creates an nft set that the engine populates with decision IPs. Your baseline ruleset needs a rule ip saddr @crowdsec-blacklists drop at the top of input.
Step 4: Community Blocklist
Register with the central API: cscli console enroll. After 24h the community blocklist is pulled and adds ~50k known-bad IPs to the set. SSH probes drop noticeably.
Step 5: Tuning
Add the panel and Anubiz support IP ranges to the whitelist cscli postoverflows install crowdsecurity/whitelist-good-actors. Set decision lifetime: cscli decisions list shows current bans.
Related Services
Why Anubiz Host
Ready to get started?
Skip the research. Tell us what you need, and we'll scope it, implement it, and hand it back — fully documented and production-ready.