[imp] Block IP
Ken Weaverling
weave at dtcc.edu
Fri Mar 27 12:58:56 UTC 2009
http://www.ossec.net/
It does what you said. It will monitor log files and put temporary blocks
on IPs, email reports, and is very customizable.
The default config is very effective.
On Fri, 27 Mar 2009, Filipe Azevedo wrote:
> Hi,
>
> I had the same issue, so I ended up developing a script to run through the
> logs and match failed logins from the same IP during a given time period.
> Whenever an IP address failed over a given amount of logins, the script would
> generate a .htaccess file, thus preventing the IP from accessing the site.
>
> Note that this is just the basic concept of this mechanism, it would be
> advisable to implement some kind of history and unblock mechanism, because
> the thresholds will end up failing one way or another.
>
--
Ken Weaverling, RHCE, weave at dtcc.edu
Systems Administration Director
Delaware Technical & Community College
+1 302 453 3776
More information about the imp
mailing list