CrowdSec is an open-source, collaborative Intrusion Detection System (IDS) and firewall that protects servers, services, and containers by analyzing log files to detect and block malicious behavior. It uses a community-driven approach, sharing threat intelligence about malicious IP addresses across all users to create a collective, real-time defense against botnets, DDoS, and other cyberattacks.
An official CrowdSec collection for Hestia Control Panel is now available. It protects the control panel the way fail2ban does, but more efficiently. You can also take advantage of the community blocklist, and with a free CrowdSec account you get 3 free blocklists.
If CrowdSec is already installed, skip to Step 3 and Step 4.
Installing CrowdSec on Linux (Ubuntu/Debian)
1. Add Repository & Install: Run the following commands to add the repo and install the agent:
curl -s https://install.crowdsec.net | sudo sh
sudo apt update
sudo apt install crowdsec
2. Install Firewall Bouncer: To make CrowdSec actually block malicious IPs (not just detect them), install the firewall bouncer:
sudo apt install crowdsec-firewall-bouncer-iptables
3. Install Hestia Control Panel Collection:
Reference: https://app.crowdsec.net/hub/author/LearningSpot/collections/hestiacp
sudo cscli collections install LearningSpot/hestiacp
Create the acquisition file for it at /etc/crowdsec/acquis.d/hestiacp.yaml:
---
filenames:
  - /var/log/hestia/auth.log
labels:
  type: hestiacp
Reload CrowdSec:
sudo systemctl reload crowdsec
4. Verify Installation:
Check if CrowdSec is running:
sudo systemctl status crowdsec
Check if the CrowdSec Firewall Bouncer is running:
sudo systemctl status crowdsec-firewall-bouncer
You are now protected against bad IPs and brute-force attacks on the control panel.
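An added check for the acquisition file from Step 3 (example code written for this page, not from the CrowdSec or Hestia projects; check_acquis is a made-up helper name). It confirms that type: hestiacp is nested under labels: and that each listed log path is readable, because a type: line at column 0 is read as a separate top-level key instead of the label. It assumes literal, unquoted paths and space indentation.

```shell
#!/bin/sh
# Added example: sanity-check a CrowdSec acquisition file such as
# /etc/crowdsec/acquis.d/hestiacp.yaml. check_acquis is a made-up helper name.
# Assumes literal, unquoted paths (no globs) and space indentation.
# Usage: check_acquis /etc/crowdsec/acquis.d/hestiacp.yaml

check_acquis() {
    file=$1
    want=${2:-hestiacp}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # type: only counts as the label when it is indented under labels:.
    # At column 0 it is a separate top-level key.
    label=$(awk '
        /^[^ #-]/ { section = $1 }
        section == "labels:" && /^ +type:/ { print $2; exit }
    ' "$file")
    if [ "$label" != "$want" ]; then
        echo "labels.type is \"$label\", expected \"$want\"" >&2
        return 1
    fi

    # List items under filenames: (indented or flush with the key).
    paths=$(awk '
        /^[^ #-]/ { section = $1; next }
        section == "filenames:" && /^ *- +/ { sub(/^ *- +/, ""); print }
    ' "$file")
    [ -n "$paths" ] || { echo "no filenames listed in $file" >&2; return 1; }

    # Every listed log must exist and be readable by the current user.
    rc=0
    while IFS= read -r p; do
        [ -r "$p" ] || { echo "log not readable: $p" >&2; rc=1; }
    done <<EOF
$paths
EOF
    return $rc
}
```

Run it as the user the CrowdSec service runs as (or with sudo), so the readability check reflects what the agent can actually open.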