make it invisible to those ip..

#! /bin/bash
#
IP=`echo $* | sed ‘s/^.* from //’ | awk ‘{print $1}’ | sed ‘s/::ffff://’`
ATTEMPTS=`grep $IP /var/log/secure | grep “Failed password for”  | wc -l`

if [ $ATTEMPTS -gt 2 ] then
route add $IP lo
MINUTES=`expr $ATTEMPTS – 2`
echo “route del $IP lo 2> /dev/null” | at now +$MINUTES minutes 2>&1 > /tmp/.bad_user.$$
(hostname ; echo $* ; echo “IP=$IP” ; echo “ATTEMPTS=$ATTEMPTS” ; \
echo “Blocking for $MINUTES minutes” ; \
cat /tmp/.bad_user.$$ ) | Mail -s “bad user” root
fi

rm -f /tmp/.bad_user.$$
~

Get Free Email Updates!

Signup now and receive an email once I publish new content.

I will never give away, trade or sell your email address. You can unsubscribe at any time.

Like

Related Post

Anything to add?

X