Well!
Since some months, a guy is annoying me. Or lets say, my vsftpd server!

He tries to login at my ftp server via bruteforce attack.
So i build a programm (c++) to ban such attempts!

It can be downloaded at ftp://ipkg:ipkg@the29.ath.cx/vsftpd_banner_thE29.ipk
(just ipkg install url)
It installs a binary file to /opt/bin called vsftpd_banner

When you start the program, it waits for NEW log lines at /opt/var/log/vsftpd.log (you can change this via parameter).
If the line contains FAIL LOGIN it parses out the IP + username. If the same IP was not able to login after 3 attempts, it bans the IP.
The auto release is after 10 minutes.
Most of these parameters you can change.
Just say vsftpd_banner --help to show the parameter.

I start the program this way: "vsftpd_banner -lf:/opt/var/log/ban_vsftpd.log &"
So the program logs to ban_vsftpd.log (all other things are default).

Here is my log from yesterday:
Wed Sep 17 01:43:37 2008: Failed login attempt: Wed Sep 17 01:43:36 2008 [pid 6862] [Administrator] FAIL LOGIN: Client "87.241.52.130"
Wed Sep 17 01:43:37 2008: New Fail user registered: Administrator IP: 87.241.52.130
Wed Sep 17 01:43:40 2008: Failed login attempt: Wed Sep 17 01:43:39 2008 [pid 6862] [Administrator] FAIL LOGIN: Client "87.241.52.130"
Wed Sep 17 01:43:40 2008: Found user: Administrator with IP: 87.241.52.130 and error cnt 1 in list!
Wed Sep 17 01:43:40 2008: Raise user error count(2): 87.241.52.130[Administrator]
Wed Sep 17 01:43:42 2008: Failed login attempt: Wed Sep 17 01:43:41 2008 [pid 6862] [Administrator] FAIL LOGIN: Client "87.241.52.130"
Wed Sep 17 01:43:42 2008: Found user: Administrator with IP: 87.241.52.130 and error cnt 2 in list!
Wed Sep 17 01:43:42 2008: Raise user error count(3): 87.241.52.130[Administrator]
Wed Sep 17 01:43:42 2008: BAN this ass with IP: 87.241.52.130
Wed Sep 17 01:53:45 2008: UNBAN user (Administrator) with IP: 87.241.52.130
The ban is not just for ftp! It bans the complete traffic from this IP via iptables.