So I installed nodeworx a week or so ago (loving it…), but last night my server got some undeserved attention. Some 900 attempts to login to my user accounts. It was some script on a cracked box for sure.
I’ve been looking over APF, but I can’t seem to find a feature to watch for the same IP trying multiple accounts, then having that IP automatically added to the firewall for blocking.
Am I missing something in apf? Or should I install a 3rd party script such as http://sourceforge.net/projects/fail2ban ? Which would work best with APF?
And is mod_security a necessity? I don’t resell hosting so there are no real script loopholes that I wouldn’t be aware of. I think…