SCIENTIFIC-LINUX-USERS Archives

October 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
Michael Mansour <[log in to unmask]>
Reply To:
Michael Mansour <[log in to unmask]>
Date:
Thu, 2 Oct 2008 14:13:32 +1100
Hi,

> Harry Enke wrote:
> > Hi,
> > there is an easy configurable tool for preventing brute force attacks, 
> > it's called "fail2ban". It sifts through logs for attacks on security 
> > critical ports and blocks login attempts from ip-addresses which fail 
> > too often in too short a timeframe (configurable).
> > 
> > http://www.fail2ban.org

I've personally been using:

http://www.aczoom.com/cms/blockhosts

for years now for customers that need ports open to the public internet (ftp,
ssh, etc). BlockHosts can work with various services out-of-the-box and
handles hosts.allow/deny files and/or iptables rules. It also has web
interfaces to display blocked lists and GeoIP maps if you want them.

> Is this in error?
> "Fail2ban scans log files like /var/log/pwdfail or 
> /var/log/apache/error_log and bans IP that makes too many password 
> failures. It updates firewall rules to reject the IP address."
> 
> Examining logs after the event does not provide real-time protection.

I'm not after real-time, the above is good enough for me but I'm interested in
your comment. Is there a better software solution out there?

Michael.
