Jonas Trollvik schrieb:
How would you write a program to process error messages and decide which user
accounts to disable?
As to blocking repeated login failures, there are such things.
I agree with you that blocking the ip is better than blocking a login,
that could be easily abused to lock out accounts. Password logins
shouldnt even be enabled if you want a secure setup.
Doesn't pf have ip blacklisting based on certain rules built in?
For such things I use denyhosts which works great for blocking script
kiddies' ssh attacks. It only works with software using tcpwrappers though.
Jan
--
professional: http://www.oscar-consult.de
private: http://neslonek.homeunix.org/drupal/
