On 07/10/2009 02:59 PM, Rainer Duffner wrote:
> Brute-forcing has long since started to go distributed, fooling fail2ban
> and similar scripts with just 3 or 4 checks per single source-host.

I've never been a big fan of either denyhosts or fail2ban; both of them are just making it easier for someone else to DDoS you, and achieve little in terms of the real problem. As you said here, the brute forcing has gone into the spam-botnets a long time back. As an example: one of my machines got SSH attempts from > 3500 different IPs in under an hour a few weeks back.

pam_shield and similar solutions offer a slightly gentler way to implement similar stuff, but iptables and perhaps a creative netlabel solution to lock in what you need and how you need it is a far better solution.

- KB
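An added example, not part of the original message: the thread's point that a few attempts per source host slip under a per-source counter, shown by running a per-source threshold and an aggregate distinct-source check over the same constructed sshd log. The thresholds, window, function names and sample lines are assumptions made for illustration, and the per-source check is a simplification, not fail2ban's own logic.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def make_sample():
    """Constructed log: 6 sources in 192.0.2.0/24 (documentation range), 3 failures each."""
    t0 = datetime(2009, 7, 10, 14, 0, 0)
    return [f"{t0 + timedelta(seconds=20 * i):%b %d %H:%M:%S} host sshd[{4000 + i}]: "
            f"Failed password for invalid user admin from 192.0.2.{10 + i % 6} "
            f"port {40000 + i} ssh2" for i in range(18)]

def parse(lines, year=2009):
    """Return (timestamp, source_ip) per failed login; syslog omits the year, so it is assumed."""
    events = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return events

def per_source_bans(events, max_retry=5):
    """Per-source view (hypothetical threshold): sources with >= max_retry failures."""
    counts = Counter(ip for _, ip in events)
    return sorted(ip for ip, n in counts.items() if n >= max_retry)

def distributed_alerts(events, window=timedelta(minutes=10), min_sources=5, min_failures=15):
    """Aggregate view: alert when many distinct sources fail inside one sliding window."""
    recent, alerts = deque(), []
    for ts, ip in events:
        recent.append((ts, ip))
        while ts - recent[0][0] > window:   # drop events older than the window
            recent.popleft()
        sources = {src for _, src in recent}
        if len(sources) >= min_sources and len(recent) >= min_failures:
            alerts.append((ts, len(sources), len(recent)))
    return alerts

if __name__ == "__main__":
    events = parse(make_sample())
    print("per-source bans:", per_source_bans(events))
    for ts, n_src, n_fail in distributed_alerts(events):
        print(f"{ts:%H:%M:%S} distributed pattern: {n_fail} failures from {n_src} sources")
```

The aggregate check only detects the pattern; what to do about it (for example the iptables restriction suggested in the message) is a separate decision.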