Timothy Murphy wrote:
> m.roth at 5-cent.us wrote:
>
>>> Every few days I see in the logwatch on my Centos-5.5 web-server
>>> what seems like a rather feeble break-in attempt.
>
>>> In fact, I'm not clear how one should deal with logwatch entries
>>> in general.
>>> Is there any document giving advice on this?
>>
>> We run fail2ban. It blocks a given IP for so long after so many (3? 5?)
>> failed attempts to break in. It also does a whois on the IP, which is a
>> little more info.
>
> Thanks, I'll try that.
> I had heard of fail2ban, but was slightly put off by the strange name;
> what exactly is the name meant to convey?
>

They fail to log in successfully enough times, they're banned by firewall rules.

*heh* If odd names put you off, you probably shouldn't be playing with any version of *Nix.... <g> fail2ban is pretty self-explanatory, compared to, say, bonobo, or anaconda, or gnome....

        mark "I know awk, sed, cp, rm, and dozens of other 2 and 3 letter commands, and I'm not afraid to use them!"