On Mon, 2011-08-29 at 15:31 -0400, m.roth at 5-cent.us wrote: > Sorry, not a lunatic. Your website's name has been harvested, and added to > some black-market commercial or script kiddie toolkit, and it's on > infected servers around the world. Take it from me... (I'm a contractor > for a US Federal Gov't agency*, and we get *tons*. It would be nice if Uncle Sam went after the pests. The attacks are not automatic. The loony is currently having difficulty finding vulnerable IPs and concentrating his efforts on a Japanese company with very lax security (7 IPs at the same place so far). > Check out fail2ban. It works very nicely. Mark, >From http://www.fail2ban.org/wiki/index.php/Main_Page it states: Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. I would like, if possible, to identify the fragments in IP tables and instantly block the packets thus preventing them entering the remainder of the server. Fail2ban does not do this. My current blocking requirement is specialised. Paul.