Hello all..
I see a LOT of entries in the brute force log, so I was thinking of automatically banning IPs that try to connect to emails that don't exist on the server.
Is someone here skilled enough to make me a script like this?
I'm thinking like this:
1. Let's make a file that cron will hit every 60 seconds
2. Check brute_log_entries.iist
3. For each IP, check if the user exists on the server
4. If the user in question doesn't exist, check if this IP is already blocked, else add the IP to the blocklist using IPTABLES => iptables -I INPUT -s BLOCK_THIS_IP -j DROP
5. When all entries are processed, rename brute_log_entries to timestamp NOW and empty the current file
That's it?
If you think this is a bad IDEA... please let me know why?
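The steps above as an added Python example, not code from the original post: it validates each logged IP, skips allowlisted ranges, and inserts the DROP rule only when `iptables -C` reports it is missing. The log format (`<ip> <login>` per line), the lowercase `known_users` set, the allowlist ranges, the `min_hits` threshold and all function names are assumptions. The threshold goes beyond the post, so that one mistyped address does not ban a legitimate user.

```python
import ipaddress
import os
import subprocess
import time

# Assumed log format (the post does not show it): one "<ip> <login>" pair per line.
# Constructed allowlist: put your own admin and monitoring ranges here.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
# Constructed sample: three misses from one address, one typo, one invalid IP.
SAMPLE = ["203.0.113.7 info", "203.0.113.7 sales", "203.0.113.7 test",
          "198.51.100.9 jhon", "999.1.1.1 admin"]

def parse_entry(line):
    """Return (ip, login), or None for a malformed line (the log is attacker-influenced)."""
    parts = line.split()
    if len(parts) != 2:
        return None
    try:
        return ipaddress.ip_address(parts[0]), parts[1].lower()
    except ValueError:
        return None

def ips_to_block(lines, known_users, min_hits=3):
    """IPs with at least min_hits attempts on logins that do not exist, allowlist excluded."""
    hits = {}
    for ip, login in filter(None, map(parse_entry, lines)):
        if login in known_users or any(ip in net for net in ALLOWLIST):
            continue
        hits[ip] = hits.get(ip, 0) + 1
    return sorted(str(ip) for ip, n in hits.items() if n >= min_hits)

def rotate(path):
    """Rename the log first, then process the renamed copy; later entries go to the new file."""
    rotated = f"{path}.{int(time.time())}"
    os.rename(path, rotated)
    open(path, "a").close()  # recreate an empty current file
    return rotated

def block(ip, dry_run=True):
    """Insert a DROP rule unless the same rule already exists; returns the insert command."""
    tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
    rule = ["INPUT", "-s", ip, "-j", "DROP"]
    if not dry_run:
        present = subprocess.run([tool, "-C", *rule], capture_output=True).returncode == 0
        if not present:
            subprocess.run([tool, "-I", *rule], check=True)
    return [tool, "-I", *rule]
```

`block()` defaults to a dry run that only returns the command; pass `dry_run=False` (as root) to apply it.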