Am 26.07.2016 um 19:55 schrieb Lefteris Tsintjelis: > On 26 Jul 2016, at 20:36, Benny Pedersen <m...@junc.eu> wrote: >> >> fail2ban based on pbl, but in fail2ban whitelist isp you have users in > > Is log parsing the only way? >
fail2ban is a good choice iptables with string and recent is another way like https://sys4.de/de/blog/2015/11/07/abwehr-des-botnets-pushdo-cutwail-ehlo-ylmf-pc-mit-iptables-string-recent-smtp/ or https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/ but it may overkill your server and examples may not fit your problem exactly Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein