Blocking ips or domains using htaccess file

[vesterman]

I am getting Logwatch reports daily from my server.
I want to block this:

Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=dog.xyzdns.net : 3766 Time(s)

The day before, I put
deny from *.xyzdns.net in the htaccess file for my main site.
The entry above showing 3766 times(s) is the next day, after I made the entry into the htaccess file.

So I am guessing that the htaccess file on the main site won't do it, it needs to be at the server level.

How do I go about this? I thank all in advance who help with this.
In the meantime I will keep searching for a solution.

 

[Amin Taheri]

if you want to do it on a server level you should use a firewall. Check out APF, its pretty good, but there are a lot out there if you dont like it.

with APF you can block a host by going:

apf -d IP/CIDR comment goes here

An Example:

apf -d 10.0.0.0/8 blocking this host becuase I dont like them

You can also do this in iptables

sbin/iptables -I INPUT   1 -s ip.of.host.to_be_blocked -j DROP
/sbin/iptables -I OUTPUT  1 -d ip.of.host.to_be_blocked -j DROP
/sbin/iptables -I FORWARD 1 -d ip.of.host.to_be_blocked -j DROP
/sbin/iptables -I FORWARD 1 -s ip.of.host.to_be_blocked -j DROP

you can also download gShield and configure it.
Then you simply put the system in the /etc/hosts.deny file
and on the next cycle they'll automatically be blocked. Or you can do it manuualy by:

echo "207.45.6.0/24" >> /etc/firewall/conf/blacklisted_hosts
/etc/firewall/gShield.rc --restart

Hope that gives you a starting point.