Block Attacking IPs

[ylon]

Is there a way to "detect" when a certain attacker is trying an attack and block this ip? For example, today I was watching my logs (seem to be doing more and more... and saw someone trying to brute force into ssh. I subsequently grabbed their ip and blocked that with the firewall, however I would like a way to automate this so that anyone who is hitting the server multiple times for any reason such as ftp login, e-mail, etc. and is unsuccessful will be blocked in the future. How can I do this?

 

[CBiLL]

Yes you can install a BFD .. Brute force detection and have it automallicy add any brute force activitly ips to your firewall but you will need to get APF firewall as well too ..

It will not break Plesk if you install it but be careful not to lock yourself out if you install it remotely and also be sure to open up the port 8443 so you can get into Plesk Control Panel ..

You can set BFD to email you every time it detects it and inform you that it have added the (ip address) into the APF firewall..

Bill