Re: How to auto-ban access form certain IP addresses?

dnoyeB wrote:
Matt Giwer wrote:
dnoyeB wrote:
I run an RH9 box and someone is constantly trying to break in over the last year. Its not remotely accessible in they way they are trying so I am not concerned. However, I wish I would shut down access from a certain ip address after so many attempts, and send an email to myself. As opposed to watching 1000s of entries in my log each day from the same address.

Is there a manual way to do this? I assume by editing config files for telnet,ssh, etc. Is there an automatic way to do this?

I'll give you a better way. Whois the ip and give them a voice call or email with the date and time of that attack. Don't just block it. Get the boy kicked off line.

Its a good idea but typically these come from Asia and the numbers change about twice a month. I've written over spam as well as attacks and never met a person that gave a ***, even when they have an abuse address associated with the IP block...

OK, Asia.

Let me ask you this. Can you play dumb enough to say the ISP itself appears to be hacking you? And can you find the email of their government? If it is China tell the gov they are trying to make your computer a zombie to spam pro-democracy materials to China. Look for a hot button. You might tell the ISP you are going to report them to the government of democracy or christian or whatever is a local taboo first to give them a chance.

There IS someone there who is fluent in English, period. Don't be shy.

As you use linux, go root and flood ping the hacker's ip for a minute or two to see if they get the message. You might email your ISP as to what you are doing so they will save any complaining email.

--
9/11 was a hurt to national pride. Destroying Iraq was just to feel better.
-- The Iron Webmaster, 3600
nizkor http://www.giwersworld.org/nizkook/nizkook.phtml
book review http://www.giwersworld.org/israel/willing-executioners.phtml a7
.