On 9/26/07, John Hinton <webmaster at ew3d.com> wrote: > Situation: We are providing hosting services. > > I've grown tired of the various kiddie scripts/dictionary attacks on > various services. The latest has been against vsftpd, on systems that I > can't easily control vs. putting strict limits on ssh. We simply have > too many users entering from too many networks many with dynamic IP > addresses. > > Enter.... thinking about LIDS or Log Based Intrusion Detection. > > I've run across four systems. > > Blockhosts, DenyHosts, fail2ban and OSSEC. > > DenyHosts apparently only works with ssh, so I've discounted using that. denyhosts will work with anything that uses tcp_wrappers. You can futz it to work with ssh, vsftpd, etc. However beyond that I can't be of much help at the moment. I would say go with multiple layers as much as possible. -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"