I got tired of those #¤%/¤# spammers and made this script to make my life easier. https://sami.mattila.eu/tech/fail2ban#main Sam
I use recidive jail to ban repeat offenders for a week. That works for me and if that IP sometime gets a new owner they can use that IP eventually. There are also collected lists of IP-numbers so those can be added to fail2ban before they attempt to guess passwords on your host.
There are probably many ways to improve that script. Using this command we can see who the real spammers/offenders are.
Code:
zgrep -h "Ban " /var/log/fail2ban.log* | awk '{print $NF}' | sort | uniq -c | sort -n | tail -100
After that it's only a matter of importing a new list every day/week or so using cron. When IPs change hands the number of offenses will drop and eventually be removed from the import list.
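An added example, not part of the original posts or the linked script: the counting step above written as a shell function that keeps only IPs banned at least a given number of times, so an address drops off the import list once its offenses stop showing up in the retained logs. It assumes fail2ban's usual log lines ending in `Ban <ip>` and that restarts log `Restore Ban <ip>` lines, which are skipped so they do not inflate the counts; the function names and the sample lines are constructed.

```shell
#!/bin/sh
# repeat_offenders MIN: read fail2ban log lines on stdin and print
# "<count> <ip>" for every IP banned at least MIN times (default 3),
# highest count first.
repeat_offenders() {
    min="${1:-3}"
    awk -v min="$min" '
        # Count only fresh "Ban <ip>" events. "Unban" lines do not match,
        # and "Restore Ban" lines (re-applied after a restart) are skipped.
        NF >= 3 && $(NF-1) == "Ban" && $(NF-2) != "Restore" &&
        $NF ~ /^[0-9a-fA-F:.]+$/ { n[$NF]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# offender_list MIN: the same selection, IPs only, one per line (import list).
offender_list() {
    repeat_offenders "$1" | awk '{ print $2 }'
}

# Constructed sample input (documentation address ranges, made-up timestamps).
sample_log() {
    cat <<'EOF'
2024-05-01 10:00:01,100 fail2ban.actions [812]: NOTICE [sshd] Ban 192.0.2.10
2024-05-01 10:10:01,100 fail2ban.actions [812]: NOTICE [sshd] Unban 192.0.2.10
2024-05-02 11:00:01,100 fail2ban.actions [812]: NOTICE [sshd] Ban 192.0.2.10
2024-05-02 12:00:00,000 fail2ban.actions [812]: NOTICE [sshd] Restore Ban 192.0.2.10
2024-05-03 09:00:00,000 fail2ban.actions [812]: NOTICE [postfix] Ban 198.51.100.7
2024-05-03 09:30:00,000 fail2ban.actions [812]: NOTICE [recidive] Ban 192.0.2.10

2024-05-04 09:30:00,000 fail2ban.actions [812]: NOTICE [postfix] Ban 203.0.113.5
2024-05-05 09:30:00,000 fail2ban.actions [812]: NOTICE [postfix] Ban 203.0.113.5
EOF
}

# On a real host, feed it from the rotated logs, for example:
#   zgrep -h "Ban " /var/log/fail2ban.log* | offender_list 5 > offenders.txt
```

Run from cron, the output file is regenerated each time, so the list follows whatever ban history the rotated logs still contain.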
Nice Project. However, I don't like these forever bans. A week should be enough. Have a look at this project: https://github.com/trick77/ipset-blacklist It is faster than fail2ban (faster lookup of blocked IPs) and maintains lists of known spammer IPs to block.