Hi,

We use fail2ban to do that trick.

fail2ban scans your logfiles for failing logins (on different protocols, it's pretty flexible, with a bit of magic, you could make it work for Drupal too, I guess). Once an IP passes a threshold for failed logins, a firewall rule is created that blocks the IP. It's configurable how long that firewall rule stays active.

--
rgds,

Reinier Battenberg
Director
Mountbatten Ltd.
+256 758 801 749
www.mountbatten.net

On Wednesday 23 March 2011 15:02:32 David Gelvin wrote:
> > Agree. That host most probably runs an implementation of tcpwrappers. I
> > tested this by attempting an ssh connection.
> > hari@hari-UL30A ~ $ ssh [email protected]
> > I was blocked after 6 attempts and I can no longer ping that IP address.
> >
> > My guess is that each time you reboot your orange modem, it works because
> > you get a new public IP address.
> >
> > I would check the /etc/hosts.deny file on the server for blocked IP
> > addresses.
>
> Yup, they have some sort of brute-force blacklister (denyhosts, or
> something similar). I just did a few unsuccessful login attempts to the
> neighboring IP (96.30.62.147), and now I can't get access via http or ping
> (I was previously able to).
>
> All I would have to do is keep reconnecting to Orange to get different
> outgoing IP addresses, do a few more unsuccessful login attempts, and
> voilà - the situation would be replicated: that host would be inaccessible
> to those Orange IPs.
_______________________________________________
The Uganda Linux User Group: http://linux.or.ug

Send messages to this mailing list by addressing e-mails to: [email protected]
Mailing list archives: http://www.mail-archive.com/[email protected]/
Mailing list settings: http://kym.net/mailman/listinfo/lug
To unsubscribe: http://kym.net/mailman/options/lug

The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/

The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
