Robert Spangler wrote: > On Wednesday 11 May 2011 12:58, the following was written: >> the atempts are from a certain registrar's region, I won't name it, > > iptables -I INPUT -i eth0 -s x.x.x.x/24 -j DROP I do not consider /24 subnet a "region subnet". You would need to use something like sophisticated reverse DNS to resolve IP of the connection and that would take time, not to mention problems with false positives and .com, etc. Only way would be if you would know physical locations of respective subnets. I use denyhosts that regularly pools new offenders IP's from protected systems all around a world. On my 3 servers, in last 5 months, I had only 114 e-mail reports of an ssh attempt. denyhosts uses hosts.deny, and currently I have ~7000 IP's blocked from there that are automatically blocked.