DenyThem is software designed to protect your Linux system from malicious attacks. By default DenyThem reads /var/log/syslog and /var/log/auth.log and searches them for hack attempts. When DenyThem finds enough hack attempts from a single host it adds a DROP rule to your system's firewall, preventing further attacks from that host.
I was recently being attacked by a series of Russian hosts which were trying to poison my DNS server. Since this REALLY irked me, I added the ability to set flags and regular expressions in the DenyThem batch process, and of course I added a flag for DNS attacks. I also found a number of attacks coming from China and Russia that DenyThem was catching. I've decided to just drop ALL traffic from Russia and China, so I've added the ability in DenyThem to block countries.
1. Save/extract denythem.pl to: /usr/local/sbin/denythem.pl
2. Run: sudo apt-get install libdate-pcalc-perl
3. Run: sudo crontab -e
4. Add this to cron: 30 * * * * /usr/local/sbin/denythem.pl
5. Optional: Add or remove countries at the top of the denythem.pl file. You can also add flags or other logs. I plan on making a UI for this at some point.
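The log-scanning idea described above (a flag is a named regex that captures the offending source address, hosts are counted per flag, and hosts over a threshold get a DROP rule), shown as an added Python example. This is not DenyThem's own code: the log lines, the two flags and the threshold are constructed for illustration, and the iptables commands are only returned as strings for an operator to review rather than executed.

```python
import re
from collections import Counter

# Constructed sample lines in the style of /var/log/auth.log and /var/log/syslog (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[2211]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 10:01:05 host sshd[2213]: Failed password for invalid user admin from 198.51.100.7 port 51030 ssh2
Mar  3 10:01:09 host sshd[2215]: Failed password for root from 198.51.100.7 port 51041 ssh2
Mar  3 10:02:00 host sshd[2220]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
Mar  3 10:03:11 host named[900]: client 203.0.113.5#53 (.): query (cache) './ANY/IN' denied
Mar  3 10:03:12 host named[900]: client 203.0.113.5#53 (.): query (cache) './ANY/IN' denied
Mar  3 10:03:13 host named[900]: client 203.0.113.5#53 (.): query (cache) './ANY/IN' denied
Mar  3 10:04:00 host sshd[2230]: Failed password for bob from 192.0.2.10 port 40010 ssh2
"""

IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical flags: each name maps to a regex whose "ip" group is the attacking host.
FLAGS = {
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for .* from " + IPV4 + r" port"),
    "dns": re.compile(r"named\[\d+\]: client " + IPV4 + r"#\d+ .*denied"),
}

def count_attempts(log_text, flags=FLAGS):
    """Return a Counter keyed by (flag name, ip) for every line a flag regex matches."""
    hits = Counter()
    for line in log_text.splitlines():
        for name, pattern in flags.items():
            m = pattern.search(line)
            if m:
                hits[(name, m.group("ip"))] += 1
    return hits

def offenders(hits, threshold=3, allowlist=()):
    """Hosts that reached the threshold under any flag, minus an operator allowlist
    (so a mistyped regex cannot lock out your own management hosts)."""
    return {ip for (_, ip), n in hits.items() if n >= threshold and ip not in allowlist}

def drop_rules(ips):
    """iptables commands for review; a caller decides whether to run them."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(ips)]

if __name__ == "__main__":
    for rule in drop_rules(offenders(count_attempts(SAMPLE_LOG))):
        print(rule)
```

In the sample, the host with a single failed SSH login stays below the threshold, while the SSH brute-forcer and the DNS-abusing client each produce one rule.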