> > I've found the default 10min bans hardly bother some attackers. > So I've added the "recidive" feature of fail2ban. After the > second 10min ban, the attacker is blocked for 1 week. > Oh definitely. My systems are set to "3 bans and you're out" - a recidive ban is permanent after three other bans. I have large parts of some subnets in my ban list as attackers just move from one host to another as they get banned. P.