Hi all, you probably also get your logfiles flooded with lines reporting failed login attempts via ftp or ssh from remote sites.

Although I believe my passwords are safe, I find these entries pretty annoying, and therefore looked for a way to deny the sites in question further login attempts using the tcpwrapper config file, /etc/hosts.allow. There are many tools out there on the net that manage this task, but I found them kind of overkill, and many of them require additional programming languages to be installed on the system. I also found "port knocking" and related stuff not sufficient for my own humble needs.

So here's my homebrewed blacklisting toolset, consisting of just two simple shell scripts and a master configuration file. If you just want to maintain a blacklist file for remote sites without blocking them, the "bflogger" script comes in handy. If you want to deny future access to the sites in the blacklist file, call the "pnblocker" script to automagically keep your /etc/hosts.allow up to date. You can also set up new rules for additional services to be monitored; the README included in the archive explains how to do just that.

I have tested this stuff for about two weeks now, and I'm still having fun watching my blacklist file grow and remote sites bouncing off at the gate. So, maybe this is what you've been looking for, and due to its small size, I dare to directly attach the archive to this post.

Enjoy the show

--Joerg
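The log-to-blacklist-to-hosts.allow flow described in the post, sketched as an added example for sshd only; this is not the bflogger or pnblocker code from the attached archive. The function names, the threshold, the sample log lines and the `daemon : address : deny` rule form (hosts_options(5) syntax) are assumptions. The source address is read from the fixed tail of each line, so text in the username field cannot choose which address gets listed.

```shell
#!/bin/sh
# Added illustration; not the scripts from the post. All names are hypothetical.
THRESHOLD=3   # assumed: failures before an address is blacklisted

# Constructed sample sshd lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
Mar  3 10:01:11 host sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2
Mar  3 10:01:14 host sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
Mar  3 10:01:19 host sshd[412]: Failed password for root from 203.0.113.7 port 4031 ssh2
Mar  3 10:02:40 host sshd[420]: Failed password for joe from 198.51.100.9 port 5100 ssh2
Mar  3 10:03:02 host sshd[421]: Accepted password for joe from 198.51.100.9 port 5101 ssh2
Mar  3 10:04:00 host sshd[430]: Failed password for invalid user x from 192.0.2.1 from 203.0.113.50 port 6000 ssh2
EOF
}

# stdin = log lines, $1 = minimum failures; prints offending addresses.
offenders() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)              # address sits at a fixed offset from the end
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print ip }
    ' | sort
}

# $1 = blacklist file, stdin = addresses; merges without duplicates.
update_blacklist() {
    touch "$1"
    sort -u "$1" - > "$1.tmp" && mv "$1.tmp" "$1"
}

# $1 = blacklist file, $2 = daemon name; prints hosts.allow deny rules.
deny_rules() {
    while read -r ip; do
        printf '%s : %s : deny\n' "$2" "$ip"
    done < "$1"
}

# Demo run on the constructed log; prints the rule lines only.
bl=$(mktemp)
sample_log | offenders "$THRESHOLD" | update_blacklist "$bl"
deny_rules "$bl" sshd
rm -f "$bl"
```

Deny rules must appear in /etc/hosts.allow before any broader allow line for the same daemon, because tcpwrappers stops at the first matching rule.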
