http://www.ossec.net/
It does what you said. It will monitor log files and put temporary blocks
on IPs, email reports, and is very customizable.
The default config is very effective.
On Fri, 27 Mar 2009, Filipe Azevedo wrote:
Hi,
I had the same issue, so I ended up developing a script to run through the
logs and match failed logins from the same IP during a given time period.
Whenever an IP address failed over a given amount of logins, the script would
generate a .htaccess file, thus preventing the IP from accessing the site.
Note that this is just the basic concept of this mechanism; it would be
advisable to implement some kind of history and unblock mechanism, because
the thresholds will end up failing one way or another.
--
Ken Weaverling, RHCE, we...@dtcc.edu
Systems Administration Director
Delaware Technical & Community College
+1 302 453 3776
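
The mechanism described in the quoted message (count failed logins per IP inside a time window, write a .htaccess deny list, expire old blocks), as an added example that is not code from either poster or from OSSEC. The log format, sample lines, thresholds and the Apache 2.4 `Require not ip` output are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format and sample lines (assumptions; adapt LINE_RE to the real log).
LINE_RE = re.compile(r"(\S+ \S+) FAILED LOGIN for \S+ from (\S+)")
SAMPLE_LOG = """\
2009-03-27 08:00:00 FAILED LOGIN for bob from 203.0.113.5
2009-03-27 08:00:10 FAILED LOGIN for bob from 203.0.113.5
2009-03-27 08:00:20 FAILED LOGIN for bob from 203.0.113.5
2009-03-27 10:00:00 FAILED LOGIN for carol from 198.51.100.7
2009-03-27 10:00:01 FAILED LOGIN for alice from 192.0.2.10
2009-03-27 10:01:00 FAILED LOGIN for alice from 192.0.2.10
2009-03-27 10:02:30 FAILED LOGIN for admin from 192.0.2.10
2009-03-27 10:03:00 LOGIN OK for carol from 198.51.100.7
2009-03-27 10:10:00 FAILED LOGIN for carol from 198.51.100.7
2009-03-27 10:20:00 FAILED LOGIN for carol from 198.51.100.7
"""

def find_blocks(lines, threshold=3, window=timedelta(minutes=5),
                block_ttl=timedelta(hours=1)):
    """Return {ip: expiry} for IPs with >= threshold failures inside window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    blocks = {}
    for line in lines:            # lines must be in chronological order
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue              # successful logins and unparseable lines
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue              # never let unvalidated log text reach .htaccess
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            blocks[ip] = ts + block_ttl   # a repeat offence extends the block
    return blocks

def render_htaccess(blocks, now):
    """Build Apache 2.4 rules for unexpired blocks; expired IPs drop out (unblock)."""
    active = sorted(ip for ip, expiry in blocks.items() if expiry > now)
    rules = ["<RequireAll>", "    Require all granted"]
    rules += [f"    Require not ip {ip}" for ip in active]
    return "\n".join(rules + ["</RequireAll>"]) + "\n"
```

Regenerating the file on each run with the current time as `now` is what lifts expired blocks; persisting `blocks` between runs would give the history the message asks for.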
--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp