Toby Bluhm wrote:
Try fail2ban from rpmforge.
The main problem with fail2ban is that it's based on Python, so it takes a fair bit of memory. This isn't a big problem on a dedicated server or on a system with swap, but a lot of these attacks are made against shared servers or those running virtual machine schemes like OpenVZ, which don't allow swap, so you don't have enough memory to run something so heavy.
What I do on my VPS is periodically look at the logs and ban attackers by hand with this script, which I call iptdrop:
    #!/bin/sh
    # iptdrop: block one address now and remember it for the next reboot
    DROPFILE=/etc/network/iptables-drops
    if [ -n "$1" ] ; then
        # insert the DROP rule at the top of INPUT so it wins over any ACCEPT below it
        iptables -I INPUT -s "$1" -j DROP
        echo "$1" >> $DROPFILE
    else
        echo "usage: $0 ipaddress"
        echo
        exit 1
    fi
Then in /etc/rc.local:
    # re-insert one DROP rule per address saved by iptdrop
    while read ip ; do
        iptables -I INPUT -s "$ip" -j DROP
    done < /etc/network/iptables-drops
That restores any bans on reboot.
After a week or three, I remove the IP from the list, on the theory that it might be some bot-infested PC behind DHCP, and so has probably moved on.
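An added example, not part of the reply above and not the poster's script: the same ban-and-restore idea with the "drop it again after a week or three" step automated. It assumes a slightly different drop-file format than the one in the post (each line is "address epoch-seconds-when-banned", a constructed convention for this example), keeps the same /etc/network/iptables-drops path, and only ever hands iptables an argument that has passed a dotted-quad check. The names (valid_ipv4, expired_entries, ban, expire, restore) and the MAXAGE_DAYS / IPTABLES variables are hypothetical and exist only here.

```shell
#!/bin/sh
# iptdrop-expire (hypothetical name): ban, restore on boot, and expire old bans.
# Drop file format assumed here: "<ipv4-address> <epoch-seconds-when-banned>"
DROPFILE=${DROPFILE:-/etc/network/iptables-drops}
MAXAGE_DAYS=${MAXAGE_DAYS:-14}      # bans older than this are removed by "expire"
IPTABLES=${IPTABLES:-iptables}      # overridable so the pure logic can be tested unprivileged

# Accept only a plain dotted quad so a stray argument never reaches iptables.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, non-digit, or empty octet
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the "ip ts" lines whose ban is older than MAXAGE_DAYS, given the
# current time as epoch seconds (passed in so the logic is deterministic).
expired_entries() {
    cutoff=$(( $1 - MAXAGE_DAYS * 86400 ))
    [ -f "$DROPFILE" ] || return 0
    while read -r ip ts; do
        if [ -n "$ip" ] && [ "${ts:-0}" -lt "$cutoff" ]; then
            printf '%s %s\n' "$ip" "$ts"
        fi
    done < "$DROPFILE"
    return 0
}

# Block one address and record it with a timestamp (same effect as iptdrop).
ban() {
    valid_ipv4 "$1" || { echo "iptdrop: not an IPv4 address: $1" >&2; return 1; }
    if [ -f "$DROPFILE" ] && awk -v ip="$1" '$1 == ip { f = 1 } END { exit !f }' "$DROPFILE"; then
        echo "iptdrop: $1 already listed" >&2
        return 0
    fi
    "$IPTABLES" -I INPUT -s "$1" -j DROP && printf '%s %s\n' "$1" "$(date +%s)" >> "$DROPFILE"
}

# Remove the rule for every expired entry, then rewrite the file without them.
expire() {
    now=$(date +%s)
    expired_entries "$now" | while read -r ip ts; do
        "$IPTABLES" -D INPUT -s "$ip" -j DROP
    done
    cutoff=$(( now - MAXAGE_DAYS * 86400 ))
    tmp="$DROPFILE.tmp.$$"
    awk -v c="$cutoff" '$2 >= c' "$DROPFILE" > "$tmp" && mv "$tmp" "$DROPFILE"
}

# Re-insert every recorded ban; this replaces the rc.local loop from the post.
restore() {
    [ -f "$DROPFILE" ] || return 0
    while read -r ip ts; do
        valid_ipv4 "$ip" && "$IPTABLES" -I INPUT -s "$ip" -j DROP
    done < "$DROPFILE"
    return 0
}

# Only act when invoked with a subcommand, e.g. "iptdrop-expire ban 203.0.113.9",
# "iptdrop-expire expire" from cron, or "iptdrop-expire restore" from rc.local.
case "${1:-}" in
    ban)     ban "$2" ;;
    expire)  expire ;;
    restore) restore ;;
esac
```

Running expire from a daily cron entry gives the "after a week or three" cleanup the post does by hand; the timestamp in the file is what makes that decision mechanical, and the address check is the one thing worth keeping even if everything else is simplified.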