That would be my recommnedation - though I'm not sure that denyhosts is installed with that package anymore - seems to me I had to install it separately from <a href="http://sourceforge.net/projects/denyhosts/files/denyhosts/2.6/">http://sourceforge.net/projects/denyhosts/files/denyhosts/2.6/</a>. Dfix + Denyhosts *definitely* does exactly what you're looking for, Chris, with the added step of listing IP addresses in the hosts.deny file (denyhosts does this.)<div>
<br></div><div><br><br><div class="gmail_quote">On Tue, Dec 13, 2011 at 5:39 PM, Kevin Anderson <span dir="ltr"><<a href="mailto:kAnderson@digital-adrenaline.com">kAnderson@digital-adrenaline.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Does this do what you need?<br>
<br>
<a href="http://www.compassnetworks.com.au/shop/free-bundle-p-78.html" target="_blank">http://www.compassnetworks.com.au/shop/free-bundle-p-78.html</a><br>
<br>
Great support from Compass Networks, can't say enough good about that, actually. They were friendly and solved my install issue quickly and accurately.<br>
<br>
I'm not 100% sure of who I specifically talked to, but I've cced the address here so they can comment on exactly what and how their software fits together. I just got it installed yesterday (I was their first 5108R customer, so I was high maintenance for them) and haven't looked at it yet. I didn't see any instructions, at least not so far.<br>
<br>
Kev.<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
----- Original Message -----<br>
From: <a href="mailto:cwallace@wcnet.org">cwallace@wcnet.org</a><br>
Sent: Tue, 12/13/2011 3:27pm<br>
To: <a href="mailto:blueonyx@mail.blueonyx.it">blueonyx@mail.blueonyx.it</a><br>
Subject: [BlueOnyx:09227] multi login attempts<br>
<br>
while pam is nice it dosnt block from mutiple name attacks. it only seems<br>
to block if the same name is failed at x number times. which is set in the<br>
admin screen.<br>
<br>
I am not ver good at making linux scripts but having to deal with the<br>
attempted hacking latly I would like to see if someone would have any idea<br>
on how to make the following script.<br>
<br>
I would like a script when there is a login attempt from an ip address<br>
that if it is tried x number of times that ip address is block in the<br>
iptables for y time.<br>
<br>
x would be a varible that would be the number of times allowed before the<br>
ip is blocked.<br>
<br>
y would be the duration that the ip would be blocked in the iptables.<br>
<br>
I think this would greatly help me in stoping the dos attacking I been<br>
having on our blueonyx server stacks.<br>
<br>
would even be more awesome if this was added to the admin screens of<br>
blueonyx.<br>
<br>
thx in advanced for any help.<br>
<br>
chris<br>
<br>
_______________________________________________<br>
Blueonyx mailing list<br>
<a href="mailto:Blueonyx@mail.blueonyx.it">Blueonyx@mail.blueonyx.it</a><br>
<a href="http://mail.blueonyx.it/mailman/listinfo/blueonyx" target="_blank">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a><br>
_______________________________________________<br>
Blueonyx mailing list<br>
<a href="mailto:Blueonyx@mail.blueonyx.it">Blueonyx@mail.blueonyx.it</a><br>
<a href="http://mail.blueonyx.it/mailman/listinfo/blueonyx" target="_blank">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a><br>
</div></div></blockquote></div><br></div>