Automatically Blacklist Failed Auth Attempts Via htaccess?
Solution 1:
Do you have root access to the server? There are a few programs that monitor log files for changes, checking for failed auth attempts. After X many failed attempts (user configurable) they then block the originating IP address (temporarily, if desired).
The two that I can remember are:
Fail2ban: install with
sudo apt-get install fail2ban
in Ubuntu, then change the /etc/fail2ban/jail.local file (if it doesn't exist, just
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
). The options in 'jail.local' are pretty self-explanatory, but if you want more info you can check out the documentation at http://www.fail2ban.org/wiki/index.php/Main_Page
BlockHosts: (it's a little older, I'm not sure if it's still up to date) To install, follow the instructions at http://aczoom.com/cms/blockhosts
There are probably a whole heap more...
Solution 2:
I don't think Apache has any built-in feature that will allow you to do this. Here is something that should work, but is kind of hacky:
- Write a cron job that parses the Apache error log, looking for entries that contain "authentication failure"
- When a certain IP address has X number of authentication failures, then deny it.
- Denying the IP can be accomplished via an Apache access control, or you might be able to use the /etc/hosts.deny file.
You should be able to automate all that via a single cron job.
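The log-parsing step from Solution 2, as an added example that is not part of either answer. It assumes the Apache 2.4 error-log layout and the "authentication failure" message text; the function names, threshold, time window, allowlist and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# Anchored at the start of the line: the user name in the message is
# attacker-controlled, so only the first [client ...] field is trusted.
LINE_RE = re.compile(
    r'^\[(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2})(?:\.\d+)? (\d{4})\]'
    r'(?: \[[^\]]*\])*? \[client ([^\]]+)\] (.*)$')

def client_ip(field):
    """Return the address from 'ip:port' (2.4) or a bare 'ip', else None."""
    for candidate in (field.rpartition(':')[0], field):
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            continue
    return None

def offenders(lines, now, threshold=5, window=timedelta(minutes=10), allow=()):
    """IPs with >= threshold auth failures inside the window ending at now."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or 'authentication failure' not in m.group(4):
            continue
        when = datetime.strptime(f'{m.group(1)} {m.group(2)}', '%a %b %d %H:%M:%S %Y')
        ip = client_ip(m.group(3))
        if ip is None or not (now - window <= when <= now):
            continue
        if any(ip in net for net in allowed):  # never lock out admin ranges
            continue
        hits[ip] += 1
    return sorted(str(ip) for ip, n in hits.items() if n >= threshold)

def deny_rules(ips):
    """Apache 2.4 directives; they must sit inside a <RequireAll> block."""
    return [f'Require not ip {ip}' for ip in ips]

# Constructed sample lines (documentation address ranges, hypothetical users).
_T = '[Sat Mar 02 10:1{}:00.000000 2024] [auth_basic:error] [pid 1] [client {}] AH01617: user {}: authentication failure for "/private": Password Mismatch'
SAMPLE = ([_T.format(i, '203.0.113.5:40000', 'bob') for i in range(5)]
          + [_T.format(i, '198.51.100.7:40001', 'x [client 192.0.2.9:1]') for i in range(5)]
          + [_T.format(0, '192.0.2.50:40002', 'alice')])

if __name__ == '__main__':
    print('\n'.join(deny_rules(offenders(SAMPLE, datetime(2024, 3, 2, 10, 15)))))
```

The second group of sample lines carries a fake `[client ...]` string inside the user name; the anchored pattern still attributes those failures to the real peer address.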