BanFromLog is a shell script that examines your /var/log/auth.log and searches for the IP addresses of login attempts which use non-existent user names.
BanFromLog is configured for use with sqlite or MySQL.
Well is truth that if you have only an user, you don't need this but, when you have hundreds or even thousands, users, many of them could have an insecure password (even if you have warned them or have some special modification in the passwd command to prevent this).
You can receive other kinds of attacks via SSH port from those IPS which first attempted only a couple of illegal users. (illegal user: user that doesn't exists).
Your CPU can be slower with this kind of brute force attacks, even if you have put a maximum attempts or whatever, because this kind of attacks are done with many "zoombies".
You can prevent attacks in many servers if you use a centralized MySQL server, all servers insert ips of attackers and one attacker, probably will only attempt to one server.
· sqlite or MySQL
What's New in This Release:
· Prints in HTML the list of banned IPs (the previous version, in the option "show", only looked in the "actual" log and not in the database).
· A bug has been corrected in the MySQL version (iptables -i ... s ip -j DROP).