Hi there,

So I installed nodeworx a week or so ago (loving it..), but last night my server got some undeserved attention. Some 900 attempts to login to my user accounts. It was some script on a cracked box for sure.

I've been looking over APF, but I can't seem to find a feature to watch for the same IP trying multiple accounts, then having that IP automatically added to the firewall for blocking.

Am I missing something in apf? Or should I install a 3rd party script such as http://sourceforge.net/projects/fail2ban ? Which would work best with APF?

And is mod_security a necessity? I don't resell hosting so there are no real script loopholes that I wouldn't be aware of. I think.. :)

Thanks!
Tom

I got tired of getting large emails from logwatch with thousands of SSHd login failures, so I moved the SSHd port... If you can't/don't want to do that, bfd (brute force detector) is a great tool ;)
It's made by the same people who make APF as it happens; http://www.rfxnetworks.com/bfd.php

I don't use mod_security, as I only resell to friends or clients, who I make the websites for, and/or I know exactly what scripts they're running.

Thanks for the quick solution! I changed ports and installed bfd, so hopefully that should put an end to the looong emails.

Thats what I thought about mod_security, since I only resell to those I make websites to as well :)