On 9/26/07, John Hinton <webmaster@ew3d.com> wrote:
Situation: We are providing hosting services.
I've grown tired of the various kiddie scripts/dictionary attacks on various services. The latest has been against vsftpd, on systems that I can't easily control vs. putting strict limits on ssh. We simply have too many users entering from too many networks, many with dynamic IP addresses.
Enter.... thinking about LIDS or Log Based Intrusion Detection.
I've run across four systems.
Blockhosts, DenyHosts, fail2ban and OSSEC.
DenyHosts apparently only works with ssh, so I've discounted using that.
DenyHosts will work with anything that uses tcp_wrappers. You can futz it to work with ssh, vsftpd, etc. However, beyond that I can't be of much help at the moment. I would say go with multiple layers as much as possible.
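
The approach discussed in this thread, sketched as an added example (not code from DenyHosts or from either poster): count failed FTP logins per client address and produce the `daemon: address` rules that tcp_wrappers reads from hosts.deny. The log lines are constructed samples in vsftpd's log style; the threshold of 3, the allow list and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in vsftpd's log style (documentation addresses).
SAMPLE_LOG = """\
Wed Sep 26 10:15:01 2007 [pid 2101] [admin] FAIL LOGIN: Client "192.0.2.10"
Wed Sep 26 10:15:03 2007 [pid 2102] [root] FAIL LOGIN: Client "192.0.2.10"
Wed Sep 26 10:15:04 2007 [pid 2103] [jsmith] OK LOGIN: Client "198.51.100.7"
Wed Sep 26 10:15:06 2007 [pid 2104] [test] FAIL LOGIN: Client "192.0.2.10"
Wed Sep 26 10:16:40 2007 [pid 2110] [jsmith] FAIL LOGIN: Client "198.51.100.7"
Wed Sep 26 10:17:02 2007 [pid 2115] [guest] FAIL LOGIN: Client "203.0.113.5"
"""

# Anchored at end of line so text inside the logged user name cannot
# supply the client address that ends up in hosts.deny.
FAIL_RE = re.compile(r'FAIL LOGIN: Client "([^"]+)"\s*$')


def failed_logins(log_text):
    """Count failed logins per validated client address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an address: never copy raw log text into a rule
        counts[str(ip)] += 1
    return counts


def hosts_deny_lines(log_text, threshold=3, daemon="vsftpd", allow=()):
    """Return hosts.deny rules for addresses at or over the threshold."""
    allowed = {str(ipaddress.ip_address(a)) for a in allow}
    rules = []
    for ip, n in sorted(failed_logins(log_text).items()):
        if n >= threshold and ip not in allowed:
            # hosts_access(5) wants IPv6 addresses in square brackets
            rules.append(f"{daemon}: [{ip}]" if ":" in ip else f"{daemon}: {ip}")
    return rules


if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(SAMPLE_LOG)))
```

vsftpd consults hosts.deny only when it is built with tcp_wrappers support and `tcp_wrappers=YES` is set in vsftpd.conf.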