08.16.2005 18:22

denyhosts: an alternative to fail2ban to deal with multiple authentication failures (login failures)


I suppose there's a word for this: that as soon as you find a solution to a problem, you'll find another solution to the same problem.

I've blogged about fail2ban here, here and here. It's a Python script which monitors my /var/log/auth.log for multiple authentication failures and, if there are too many entries from one IP address, will run `iptables -I INPUT 1 -i eth0 -s <IP> -j DROP`. So script kiddies trying ssh login attacks get their IPs banned and my auth.log doesn't get filled with their crap.
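As an added illustration (not fail2ban's or DenyHosts' own code, and not from the original post), here is the count-and-ban logic described above, sketched in Python. The `max_retry` threshold, the 10-minute `window`, the function names and the sample log lines are all assumptions made up for this example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines as they appear in /var/log/auth.log (documentation IPs).
SAMPLE_LOG = """\
Aug 16 18:01:02 host sshd[1001]: Failed password for root from 203.0.113.5 port 4001 ssh2
Aug 16 18:01:09 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Aug 16 18:01:15 host sshd[1003]: Failed password for invalid user a from 192.0.2.9 from 203.0.113.5 port 4003 ssh2
Aug 16 18:02:00 host sshd[1004]: Accepted password for alice from 192.0.2.9 port 4100 ssh2
Aug 16 18:05:00 host sshd[1005]: Failed password for bob from 198.51.100.7 port 4200 ssh2
Aug 16 18:20:00 host sshd[1006]: Failed password for bob from 198.51.100.7 port 4201 ssh2
Aug 16 18:40:00 host sshd[1007]: Failed password for bob from 198.51.100.7 port 4202 ssh2
"""

# Anchored at end of line: the user name is remote-controlled text, so only
# the final "from <ip> port <n>" is trusted as the peer address.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+(?: ssh2)?$")

def find_offenders(lines, max_retry=3, window=timedelta(minutes=10), year=2005):
    """Return IPv4 addresses with >= max_retry failures inside `window`."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue  # not an address literal: never hand it to a command
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:  # drop failures older than the window
            hits.popleft()
        if len(hits) >= max_retry and ip not in banned:
            banned.append(ip)
    return banned

def ban_command(ip, iface="eth0"):
    """argv for the rule quoted in the post; built as a list, not run here."""
    return ["iptables", "-I", "INPUT", "1", "-i", iface, "-s", ip, "-j", "DROP"]

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE_LOG.splitlines()):
        print(" ".join(ban_command(ip)))
```

Only 203.0.113.5 crosses the threshold in the sample: the failures from 198.51.100.7 are spread too far apart, and 192.0.2.9 appears only inside a user name and in a successful login.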

Zonker writes about another Python script doing the same thing in Unix Review this month: Tool of the Month: DenyHosts. Reading the article, it looks as if the only additional feature DenyHosts has that fail2ban doesn't is that (quoting Zonker) 'you can choose whether to block all services or just SSH. The BLOCK_SERVICE variable can be set to BLOCK_SERVICE = ALL or BLOCK_SERVICE = sshd.'

DenyHosts is available as an .rpm, as a source .rpm or as a tarball, and its home page is here at SourceForge.

On the basis of 'if it ain't broke, don't fix it', I'm sticking with fail2ban.