m.roth at 5-cent.us wrote: >> Every few days I see in the logwatch on my Centos-5.5 web-server >> what seems like a rather feeble break-in attempt. >> In fact, I'm not clear how one should deal with logwatch entries >> in general. >> Is there any document giving advice on this? > > We run fail2ban. It blocks a given IP for so long after so many (3? 5?) > failed attempts to break in. It also does a whois on the IP, which is a > little more info. Thanks, I'll try that. I had heard of fail2ban , but was slightly put off by the strange name; what exactly is the name meant to convey? -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland