Hi,
On my personal server I sometimes see people trying to sort of brute-force their way into my FTP server (vsftp, by the way). I see ~15 lines in auth.log where the same IP tries to log in with user name "Administrator" before they leave.
This isn't all that bad but what if they keep on trying without me stopping them...?
Is there a way to catch this behaviour and limit the number of failed login attempts within a certain time span?
I have been thinking about writing a script of my own to poll auth.log for these events and put suspicious IPs in hosts.deny, but I don't know if it would be a good idea, as the script would need to check the file quite often, say every 5 seconds or so.
But most important, before I try this I want to be sure that I'm not re-inventing the wheel.
So, is there a way to monitor failed login attempts and ban IPs?
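
The check described in the post (count failed FTP logins per IP inside a time span, then emit hosts.deny entries), as an added example that is not part of the original post. It assumes vsftpd failures reach auth.log as PAM `authentication failure` records with an `rhost=` field and that vsftpd is built with TCP wrappers support; the sample lines, function names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed record shape: PAM failure lines that vsftpd writes to auth.log.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\svsftpd.*authentication failure;"
    r".*\brhost=(?P<ip>\S+)"
)

def find_offenders(lines, max_failures=5, window=timedelta(minutes=10), year=2024):
    """Return {ip: time the threshold was crossed} for every IP that reaches
    max_failures failed logins inside one sliding window. Lines must be in
    chronological order, as they are in auth.log."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # other daemons and successful logins
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders.setdefault(m["ip"], ts)
    return offenders

def hosts_deny_lines(offenders):
    """Format offenders as TCP wrappers rules ("daemon: client")."""
    return [f"vsftpd: {ip}" for ip in sorted(offenders)]

# Constructed sample input (documentation address ranges, hypothetical host name).
_FAIL = ("Mar 12 {t} myhost vsftpd: pam_unix(vsftpd:auth): authentication failure; "
         "logname= uid=0 euid=0 tty=ftp ruser=Administrator rhost={ip}")
SAMPLE = (
    [_FAIL.format(t="14:00:00", ip="198.51.100.7")]
    + [_FAIL.format(t=f"14:02:{s:02d}", ip="203.0.113.5") for s in range(0, 30, 5)]
    + ["Mar 12 14:03:00 myhost sshd[1234]: Failed password for root "
       "from 203.0.113.5 port 2222 ssh2"]
    + [_FAIL.format(t="14:30:00", ip="198.51.100.7")]
)

if __name__ == "__main__":
    for rule in hosts_deny_lines(find_offenders(SAMPLE)):
        print(rule)
```

Run against the real log by passing `open("/var/log/auth.log")` as `lines`; remembering the file offset between runs keeps frequent polling cheap because only new lines are parsed.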