Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email, or ejecting CD-ROM tray) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, curier, ssh, etc).
README (Official README file)
Manual (Official Fail2ban documentation)
Configuration (Configuration related to external software)
FAQ (Frequently Asked Questions)
HOWTOs (HOWTOs contributed by users)
Reference Manual (Source code documentation)
Contributors (persons who contributed to the project)
To experiment with this wiki try Sandbox. See the User's Guide for usage and configuration help.