One more thing - you might want to look at authfail. After a number of attempts to log in, it will add firewall rules to block that IP address. mark