How would i use hosts.deny to block this IP from trying to access my machine anymore? And can someone give me a site where i can read about some software that detects failed logins and bans them? Thanx in advance!

You could use hosts.deny, but most people at this point would rather it be handled by an adaptive firewall. Ideally you would only want to block an IP for a set amount of time (rather than permanently) as you can block IPs that might otherwise have had legitimate users. For example, if somebody at a college port scanned your server and you blocked the IPs for that school, other people at that school would not be able to legitimately access you server forever.

If you only block IPs as soon as the attack starts and then unblock them in a day or so, by the time the IP has been unblocked the attacker will likely be using a new IP (or more likely just moved on to the next target).

At any rate, that is what you want to be looking into to automatically block IPs based on failed authorization attempts, adaptive firewalls. It is a rather large subject though, so be prepared to do a bit of research before you find one that suits your needs.

The firewall i use blocks the use of my ftpd. Im going to be looking into failed auth logins later on. But for now i'd just like to know how to block the IP. If anyone could just tell me how to do it with hosts.deny i'd appreciate it. Thanx in advance.

Add following to hosts.deny

ALL:219.136.254.102
---------------------------------
OR


You can type following in command line for blocking via iptables..

iptables -I INPUT -s 219.136.254.102 -j DROP
---------------------------------------------------------------------------

You can use apf with bfd for doing it simply..

BFD will find Brute Force attempts and block them.

Using apf you can block an IP very simply by
#apf -d 219.136.254.102