My two servers are under constant attack by certain countries in particular. My brute-force protection kicks in and notifies me constantly via SMS, email and my own desktop email client. It is set so they are allowed 15 tries before they are IP banned for 180 minutes. But it's only a temporary ban; it doesn't blacklist the IP permanently (I'm referring to cPHulk). I simply can't manually blacklist IPs 24 hours a day, and banning subnets could have a negative impact on the server. Besides, they could be using a VPN for all I know, or have dynamic IPs.

Is there a way to ban ISPs from accessing my server by, say, for example *.CN or *.RU? (These are only examples.) Or some way to ban a region geographically, so they are simply refused connection?

I have users on my servers that are also under attack on their forums I host. They get past the captcha (I'm talking about spam bots); they even pass the MX lookup for the email address record. I've been made a server administrator on one of the forums to try to stop this flood, and have only partially succeeded. It still remains under attack, and they still get past user authentication via email. It is now set so a real human being can't sign up and post without approval (for their first post). We don't really like this solution, as we can't monitor the forum 24 hours a day either.

Any help, suggestions, or insight is greatly appreciated regarding this issue. I don't know if this is really a viable option either, as I'm not even really considered a Linux novice, LOL. However, I am learning more and more about CentOS 7.3 (mainly the terminal) every day, and I have begun to start liking it a lot.