Karl McKay-Ritchie

If you run a server — whether it's a VPS, a dedicated box, or a home lab — brute force attacks are not a question of if, but when. Attackers use automated tools to hammer your SSH port, trying thousands of username and password combinations every single day.

The good news? There's a lightweight, free, and incredibly effective tool that can stop these attacks in their tracks: Fail2Ban.

In this post, I'll walk you through exactly how I installed and configured Fail2Ban on my server, and how you can do the same to dramatically improve your server security.

What Is Fail2Ban?

Fail2Ban is an open-source intrusion prevention tool written in Python. It works by monitoring log files on your server — such as SSH, Apache, Nginx, or mail server logs — and automatically banning IP addresses that show signs of malicious activity, like repeated failed login attempts.

Once an IP triggers a certain number of failures within a set time window, Fail2Ban adds a rule to your firewall (typically iptables or nftables) to block that IP for a configurable period of time.

Why Use Fail2Ban?

• Reduces server load — Blocked IPs can no longer flood your server with login attempts.
• Works automatically — No manual intervention needed once it's configured.
• Highly customisable — You can adjust thresholds, ban durations, and which services to protect.
• Lightweight — Uses minimal system resources, even on small VPS plans.

Prerequisites

Before you begin, make sure you have:

• A Linux server (Ubuntu, Debian, CentOS, or similar)
• Root or sudo access
• SSH access to your server
• A basic understanding of the terminal

How to Install Fail2Ban

On Ubuntu / Debian

sudo apt update
sudo apt install fail2ban

Once installed, Fail2Ban should start automatically. You can verify this by running:

sudo systemctl status fail2ban

You should see active (running) in the output.

How to Configure Fail2Ban

Fail2Ban uses configuration files called jails. Each jail defines the rules for a specific service (e.g., SSH, Apache, Nginx).

The Golden Rule: Never Edit jail.conf Directly

The default configuration file is located at /etc/fail2ban/jail.conf. However, this file gets overwritten when you update the package. Instead, create a local override file:

sudo nano /etc/fail2ban/jail.local

Any settings in jail.local will take priority over jail.conf.

Basic Configuration

Here's a simple jail.local setup that protects your SSH service:

[DEFAULT]
# Ban IPs for 1 hour (in seconds)
bantime = 3600

# An IP is banned if it triggers a failure within this time window
findtime = 600

# Number of failures before an IP is banned
maxretry = 5

# Use the systemd backend if your server uses systemd
backend = systemd

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

What Do These Settings Mean?

• bantime — How long (in seconds) a blocked IP stays banned. Set to 3600 for a 1-hour ban, or -1 to ban permanently.
• findtime — The time window Fail2Ban looks back through. If an IP hits maxretry failures within this window, it gets banned.
• maxretry — The number of failed attempts allowed before a ban is triggered. I set SSH to 3 for tighter security.
• backend — Tells Fail2Ban how to read system logs. Use systemd if your server uses systemd (most modern distros do).

Protecting More Than Just SSH

One of the best things about Fail2Ban is that it can protect almost any service that writes to a log file. Here are some common jails you can add to your jail.local:

Apache

[apache]
enabled = true
port = http,https
filter = apache
logpath = /var/log/apache2/error.log
maxretry = 5

Nginx

[nginx-http-auth]
enabled = true
port = http,https
filter = nginx-http-auth
logpath = /var/log/nginx/error.log
maxretry = 5

Postfix (Email)

[postfix]
enabled = true
port = smtp,465,587
filter = postfix
logpath = /var/log/mail.log
maxretry = 5

How to Restart and Test Fail2Ban

After making changes to your configuration, restart Fail2Ban:

sudo systemctl restart fail2ban

To check that everything is running correctly:

sudo fail2ban-client status

To see the status of a specific jail (e.g., SSH):

sudo fail2ban-client status sshd

This will show you how many IPs are currently banned and how many failures have been detected.

How to Unban an IP Address

If you accidentally lock yourself out or want to manually unban an IP, use this command (replace x.x.x.x with the actual IP):

sudo fail2ban-client set sshd unbanip x.x.x.x

Best Practices for Using Fail2Ban

Use it alongside other security measures. Fail2Ban is a great first line of defence, but it shouldn't be your only one. Consider pairing it with SSH key-based authentication and disabling password login entirely.

Set a reasonable bantime. For SSH, a ban of 1 hour is usually sufficient. For more sensitive services, you might want to increase this or even set a permanent ban.

Monitor your logs regularly. Check your Fail2Ban status weekly to stay aware of attack patterns targeting your server.

Keep your software updated. Fail2Ban and your other server software should always be kept up to date to patch any known vulnerabilities.

Final Thoughts

Installing Fail2Ban on my server was one of the simplest and most effective security steps I've taken. It took less than 10 minutes to set up, and it immediately started blocking the constant stream of brute force attempts that every public-facing server receives.

If you haven't already secured your server with Fail2Ban, I'd strongly recommend giving it a try. It's free, lightweight, and does a fantastic job of keeping brute force attackers at bay.

Video Tutorial

If you prefer to follow along visually, this video also helps:

I've started reading The Brothers Karamazov by Dostoevsky. I've read Absolute Batman and now I'm reading Dostoevsky, so I read a broader range than most. This may not be the best Dostoevsky book to start with, but it is his finest work—and according to Jordan Peterson, the greatest book ever written.

One of the problems with reading books like this is that you really need a teacher to guide you through them. So I used AI and had it create a reading guide and a clear, spoiler-safe character map for The Brothers Karamazov. I wish I'd had this when reading Ulysses.

Character Map for the Early Chapters

This guide is designed to sit beside you while you read, so names and relationships don't blur together.

The Karamazov Family Tree

Fyodor Pavlovich Karamazov
│
├── Dmitri (Mitya) Karamazov – eldest son
│   Mother: Adelaida Ivanovna
│
├── Ivan Karamazov – middle son
│   Mother: Sofya Ivanovna
│
├── Alexei (Alyosha) Karamazov – youngest son
│   Mother: Sofya Ivanovna
│
└── Pavel Smerdyakov – illegitimate son
    Mother: Lizaveta ("Stinking Lizaveta")

The Characters

1. Fyodor Pavlovich Karamazov (The Father)

• Landowner
• Selfish, vulgar, irresponsible
• Avoids emotional and moral responsibility
• Source of chaos for the family

Role in the novel: The moral failure that shapes everything else.

2. Dmitri (Mitya) Karamazov – The Body

• Eldest son, raised without stability
• Passionate, emotional, impulsive
• Obsessed with honor, money, and love

Key traits: Acts before thinking, feels guilt deeply, lives intensely.

3. Ivan Karamazov – The Mind

• Middle son
• Intelligent, analytical, skeptical
• Struggles with God, evil, and morality

Key traits: Values logic over faith, emotionally restrained, has dangerous ideas (the book asks: what happens when ideas are lived?).

4. Alexei (Alyosha) Karamazov – The Soul

• Youngest legitimate son
• Kind, empathetic, spiritually inclined
• Disciple of Elder Zosima

Key traits: Listens more than speaks, acts with compassion, serves as the moral center of the novel.

5. Pavel Smerdyakov – The Shadow

• Illegitimate son and servant
• Raised in the household but never acknowledged
• Quiet, resentful, observant

Key traits: Feels invisible, internalizes humiliation, becomes crucial later on.

The Mothers (Important but Brief)

Adelaida Ivanovna

• Dmitri's mother
• Proud, fiery, independent
• Escapes Fyodor Pavlovich but dies young

Sofya Ivanovna

• Ivan and Alyosha's mother
• Gentle, fragile, deeply religious
• Dies early, leaving her sons vulnerable

Lizaveta ("Stinking Lizaveta")

• Disabled, homeless woman
• Mother of Smerdyakov
• Represents society's discarded people

Spiritual & Moral Figures

Elder Zosima

• Monk and spiritual guide
• Mentor to Alyosha
• Teaches love, responsibility, humility

Role: Counterweight to Fyodor Pavlovich's moral emptiness.

Quick Memory Hook

• Fyodor → Chaos
• Dmitri → Passion
• Ivan → Doubt
• Alyosha → Faith
• Smerdyakov → Resentment

Why This Map Matters

This novel isn't driven by plot twists—it's driven by:

• Character

• Moral conflict

• Inner struggle

Knowing who is who lets you focus on why they act, not just what happens. Hope this helps! Here's a YouTube audiobook of Part One—great if you want to listen while following along with the character map:.

2025 was a rough year for cinema, with critical and commercial disasters like Snow White, Hurry Up Tomorrow, and Death of a Unicorn. I was going to include The Electric State on my list of guilty pleasures, but honestly, it was so forgettable that I barely remember anything about it—except that I thought it was better than Amazon's Fallout TV series.

Here are some of the panned 2025 movies I actually enjoyed.

Predator: Badlands

I mainly liked this one because of Elle Fanning's performance, and I genuinely thought it was better than Avatar: The Way of Water. That said, the predators looked worse than they did in the 1987 original, which is embarrassing. Also, once you give the Predators a name like "the Yautja," it takes away a lot of the mystique. I always thought the predators in the first two movies were a fringe group on the outskirts of their society that hunted lesser races for sport. A monoculture that revolves entirely around hunting and culling the weak wouldn't get past the Stone Age—unless this is set after the fall of Yautja civilization and only the hunters remain.

Despite its flaws, Badlands does have some funny moments. Sure, it's not about a man fighting a Predator—the first two movies did that better than anything else—but there are far worse movies with "Predator" in the title.

In the Lost Lands

This adaptation of a George R.R. Martin short story wasn't nearly as bad as its reception suggested. It went down like a lead balloon, and most people found it difficult to follow. Mind you I was thinking, "They didn't have sorcerers in D&D in 1986,"when i was watching Stranger Things  and having heard of the Gamma World rpg , I got what they were going for. It's pretty solid '80s-style fantasy and makes me want to read the short story.

It's better than the Game of Thrones finale and the Fallout TV show. I don't know why this deserved a Razzie nomination—maybe the lack of chemistry between Milla Jovovich and Dave Bautista? Though that's not as bad as the lack of chemistry in The Electric State, however some of the supporting cast did deliver wooden performances.

The Simpsons hit a new low in 2025. The show hasn't been good since 1997's "The Principal and the Pauper." There have been a few decent Treehouse of Horror segments—like the Death Note one, the Snowpiercer one, and the Westworld one—but overall, the quality has declined significantly.

Marge's actress's voice has deteriorated to the point where she now gets replacements for singing segments, which is worse than simply not being able to hit the high notes anymore.

The show really should have finished after the 2007 movie. The 2027 movie would be a good exit point, but I fear it will keep going even after that.

A particular low point was promoting the movie Ella McCay, a '90s Ally McBeal pastiche by James L. Brooks (who commissioned The Simpsons way back in 1989). The movie was so forgettable it didn't make any "worst movies of 2025" lists and will only be remembered as some Simpsons "Weird Al"-style cross-promotion. You have Lisa Simpson saying Ella McCay is the greatest movie ever made—with no irony:

Got a new Windows PC? Before you start downloading programs one by one or diving into complex system tweaks, there's one tool that should be your very first installation: Chris Titus's Ultimate Windows Utility.

What Is It?

The Ultimate Windows Utility is a powerful, all-in-one tool created by Chris Titus that streamlines the process of setting up and optimizing a fresh Windows installation. Instead of spending hours manually configuring your system, this utility handles multiple tasks from a single interface.

Quick Installation

Getting started is remarkably simple:

1. Right-click on the Windows icon in your taskbar
2. Select "Terminal (Admin)" to open PowerShell with administrator privileges
3. Paste this command and press Enter:

   iwr -useb https://christitus.com/win | iex

That's it! The utility will download and launch automatically.

Key Features

Software Installation Made Easy

The utility includes a comprehensive software installer that lets you quickly install essential programs. I particularly recommend installing Brave Browser as your first addition – it offers excellent privacy protection and ad-blocking right out of the box.

System Cleanup and Optimization

The tool provides powerful cleanup options to remove bloatware and unnecessary files that often come pre-installed on new systems. This helps free up storage space and can improve system performance.

Privacy-Focused Windows Tweaks

One of the utility's strongest features is its ability to modify Windows settings that Microsoft uses for tracking and telemetry. The standard privacy settings will disable much of Microsoft's data collection, giving you better control over your personal information.

Advanced Recommendation

For users comfortable with network configuration, I recommend enabling the "Prefer IPv4 over IPv6" setting. While IPv6 is the future of internet protocols, it currently has some security vulnerabilities that make IPv4 the safer choice for most home users.

Learn More

Want to see the utility in action? David Bombal has created an excellent walkthrough video that demonstrates how to use all the features effectively:

Final Thoughts

The Ultimate Windows Utility transforms the often tedious process of setting up a new Windows PC into a streamlined, efficient experience. Whether you're a power user looking to optimize performance or someone who simply wants better privacy controls, this tool deserves a spot in your essential software toolkit.

Ready to take control of your Windows experience? Visit christitus.com/windows-tool to learn more about this indispensable utility.

Always remember to create a system restore point before making significant system changes, and ensure you understand what each setting does before applying it.

Setting up a Windows PC without requiring a Microsoft online account is not only possible but also increasingly popular among users who prioritize privacy and have connectivity concerns. This comprehensive guide will show you exactly how to create a local Windows account instead of being forced into Microsoft's online ecosystem.

Why Choose a Local Windows Account Over Microsoft Account?

Enhanced Privacy Protection

Creating a local account keeps your personal data on your device rather than syncing with Microsoft's cloud services. This approach significantly reduces data collection and provides better control over your privacy settings.

Perfect for Limited Internet Connections

If you're dealing with unreliable internet connectivity - whether in rural areas, temporary housing, or rental properties with poor Wi-Fi - a local account ensures your PC functions properly without constant online verification.

Avoid Forced Cloud Integration

Local accounts prevent automatic OneDrive syncing, Cortana data collection, and other cloud-based features that many users prefer to avoid.

Step-by-Step Guide: Windows Setup Without Microsoft Account

The process is surprisingly straightforward once you know the right steps. Here's how to bypass the Microsoft account requirement during Windows installation:

Method 1: During Initial Windows Setup

1. Start the Windows setup process as normal
2. When prompted for Microsoft account, look for the "Domain join instead" or "Set up for an organization" option
3. Select "Set up for personal use" when asked
4. Choose "Sign-in options" and select "Create account"
5. Click "Local account instead" when given the option

Method 2: Using Command Prompt Bypass

If the above options don't appear, you can use this technical workaround:

1. Press Shift + F10 during setup to open Command Prompt
2. Type start ms-cxh:localonly to bypass online requirements
3. Continue with local account creation

Benefits of Local Windows Accounts

Complete Offline Functionality

Your Windows PC will work perfectly without internet connectivity, making it ideal for:

• Remote work locations
• Areas with poor internet infrastructure
• Temporary housing situations
• Privacy-conscious users

Reduced Data Sharing

Local accounts minimize the personal information shared with Microsoft, including:

• Browsing habits
• App usage patterns
• File synchronization data
• Location tracking

Better Performance

Without constant cloud syncing and telemetry, many users report improved system performance and faster boot times.

Expert Demonstration: Video Tutorial

For a detailed visual walkthrough of this process, cybersecurity expert David Bombal provides an excellent step-by-step demonstration showing exactly how simple this setup process can be. His tutorial covers all the technical details and potential troubleshooting steps you might encounter.

Watch the complete tutorial by David Bombal:  Windows Local Account Setup Guide

Common Questions About Windows Local Accounts

Can I Switch from Microsoft Account to Local Later?

Yes, you can convert your existing Microsoft account to a local account through Windows Settings at any time.

Will I Lose Windows Updates?

No, Windows updates will continue to work normally with a local account.

What About Microsoft Store Access?

You can still access the Microsoft Store by signing in when needed, without making it your primary account type.

Conclusion: Take Control of Your Windows Experience

Setting up Windows with a local account instead of a Microsoft account is a simple but powerful way to maintain privacy and ensure reliable PC operation regardless of your internet situation. Whether you're in a rental property with spotty connectivity or simply value your digital privacy, this approach gives you complete control over your Windows experience.

The process takes just a few extra minutes during setup but provides long-term benefits for privacy, performance, and offline functionality.

So, I did it. I bought more shares in Sosandar (AIM: SOS).

This company is still one of my biggest losing positions — though not quite as bad as my painful ride with Argo Blockchain (I’ll cover that story another time…). Despite the losses I decided to average down. Below is what I looked at before pressing buy again and why I think there’s a real shot at upside.

Why Sosandar?

Sosandar is a UK fashion retailer focused on midlife womenswear. It’s not trying to be another fast-fashion giant — and that’s part of its appeal. Here are the reasons I felt comfortable adding to my position:

• Top-line & turnaround: Revenue fell ~20% in FY25 (from £46.3m to £37.1m) after a period of heavy discounting. Management deliberately dialled back promotions to protect margin.

• Margins are improving: Gross margin rose from ~57.6% to 62.1% in FY25, and Q1 FY26 showed margins near 65% — a meaningful structural improvement.

• Profit discipline: Adjusted profit before tax moved positive once one-offs are stripped out. Management is prioritising full-price sales and profitability over growth-at-all-costs.

• Cash runway: Net cash sits around the £8m mark, which gives the company room to scale stores or weather short-term partner issues without immediate dilution risk.

• Physical retail expansion: The company opened its first stores in 2025, targeting affluent market towns. Early indications are the stores are trading close to break-even.

• Customer base: Sosandar’s customers return items far less than fast-fashion shoppers, which helps reduce return rates and protects margins.

Quick ASOS comparison: One big reason I’m not backing ASOS is returns and customer behavior. In my view ASOS is overvalued — realistically worth maybe 10% of its current market cap. Every time I go to the post office I see people returning ASOS parcels; that return culture creates margin pressure and logistical costs. Sosandar, by contrast, is deliberately trying to reduce promotions and returns and build a steadier, full-price business.

Research I Asked ChatGPT to Do

Before buying more I asked ChatGPT to run through the latest numbers, analyst targets and downside scenarios. The summary:

• Share price at the time of research: ~5p.

• Analyst consensus targets clustered around 11p, implying ~100% upside if forecasts hold.

• Some algorithmic/AI models are far more bearish and predict steep downside.

• Probability estimate from that research: roughly 55–60% chance of Sosandar executing successfully (sustaining margins, returning to growth and delivering consistent profits), ~25–30% chance of stagnation, and ~10–15% chance of a material failure.

Probability & My Thinking

Yes, I’m aware those numbers aren’t guarantees — they’re probability estimates based on public financials, recent trading updates and execution risks. But that ~60% chance of doubling (to ~10–11p within a year) lines up with the analyst targets and the margin improvements I’m seeing.

Why average down?

• If margins and cash generation continue to improve, the market will likely re-rate the stock.

• Small-cap stocks move fast. Averaging down reduces my average cost and increases upside if the turnaround sticks.

• I’m comfortable accepting higher volatility for the potential of higher returns — this is a speculative slice of my portfolio, not my core holding.

Risks (Be Realistic)

• Partner & channel risk: Dependence on wholesale partners and broader retail disruptions can cause revenue volatility.

• Store rollout risk: Retail expansion is capital intensive and could hurt margins if stores underperform.

• Macro & fashion risk: Consumer sentiment and fashion trends can shift quickly.

• Thin coverage: Limited analyst coverage means surprises (good or bad) can cause sharp price moves.

Conclusion — What I Did

I bought more Sosandar shares. It’s one of my biggest losers, but I believe the price is reflecting too much pessimism and not enough of the margin and strategy gains we’re seeing. I view it as a calculated risk: a speculative position sized to my risk appetite with a potential payoff that, if execution continues, could be significant.

Not investment advice — just my personal journey.