We published a simple script to help identify and block possible brute-force attempts on a Linux web-server.

The script counts the amount of “bad-actions” an ip has logged in the Apache logs and blocks the ip on port 443.

This script also displays top 20 visitor information using geoiplookup (which should be installed) and performs a whois lookup on the ip that becomes blocked. If mail is configured, you receive email notifications of blocked visitors.

It has a simple ip whitelist in order to ensure you don’t block yourself out by accident.