In addition to fail2ban
suggested above, there is also DenyHosts
); I've used it for years and it effectively bans intruders with either an IPTABLES or /etc/hosts.denyu
entry (after some number of failed log in attempts, the address is added to one or the other and connections will be refused). DenyHosts
runs as a daemon and you don't have to do any maintenance or twiddling with it once installed.
A nice feature of DenyHosts
is that you can share miscreant addresses with other DenyHosts
users around the world (they're added to your IPTABLES or /etc/hosts.deny
I run DenyHosts
so that it writes to /etc/hosts.deny
. New attempts to log in as root, wheel, etc. are appended to /etc/hosts.deny
and the site will be denied access on any subsequent attempts to connect (as will all addresses in that file).
Probably worth at least a look-see.
Hope this helps some.