Monday 13 September 2010

Who wants to hack my server?

I know that a system administrator's job is hard, and I know that today an administrator can find the right tools (commercial or open source) to block and keep out malicious users, but this is a fast way to deal with them on the fly.
The first shell script extracts the malicious users' IP addresses from the system log on a Unix system and automatically filters them.
#!/bin/sh
# author : Alessandro Muratore
# email  : muratore.ale@gmail.com
#
# Abort unless running as root (the log is normally readable only by root).
pecora_chk_root(){
 if [ "$(whoami)" != "root" ] ; then
  pecora_usage
 fi
}

# printf instead of "echo -e": /bin/sh (dash) prints the "-e" literally.
pecora_usage(){
 printf "you must be root:\n root ~ # %s\n or\n user ~ \$ sudo %s\n" "$0" "$0"
 exit 1
}

pecora_chk_root

# Count "Invalid user NAME from IP" lines per source IP (field 10 is the IP),
# list the busiest addresses first and drop those seen only 1, 2 or 3 times.
grep Invalid /var/log/messages | awk '{print $10}' | sort | uniq -c | sort -nr | grep -v "      1" | grep -v "      2" | grep -v "      3"
The output shows the number of attempts next to each IP address. If you only want the addresses, for example to feed them to the second script, append this code:
| awk '{print $2}'
after the last:
grep -v "      3"
The second shell script blocks the malicious user's IP by adding DROP rules to iptables, so you need iptables installed on your system.
#!/bin/sh
# author : Alessandro Muratore
# email  : muratore.ale@gmail.com
# usage  : sshbk.sh [ip]
# example: ./sshbk.sh 127.0.0.1
#
pecora_chk_root(){
 if [ "$(whoami)" != "root" ] ; then
  pecora_usage
 fi
}

pecora_usage(){
 printf "you must be root:\n root ~ # %s [ip]\n or\n user ~ \$ sudo %s [ip]\n" "$0" "$0"
 exit 1
}

pecora_chk_root

# Refuse to run without an address: with "$1" empty every rule below would be malformed.
if [ -z "$1" ] ; then
 pecora_usage
fi

# Drop traffic to and from the address in both directions, including forwarded packets.
iptables -I INPUT -s "$1" -j DROP
iptables -I OUTPUT -d "$1" -j DROP
iptables -I FORWARD -d "$1" -j DROP
iptables -I FORWARD -s "$1" -j DROP
echo "IP $1 drop"
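As an added example (not the post's own scripts), the same extraction done in a single awk pass over constructed sample log lines, with a numeric threshold instead of the chain of grep -v filters, plus a dry run that prints the iptables rules the second script would apply so they can be reviewed before running as root. The function names and the sample log are assumptions.

```shell
#!/bin/sh
# Added example, not the post's scripts. Sample syslog lines are constructed here;
# the temporary file is removed when the shell exits.
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
Sep 13 10:00:01 web sshd[2101]: Invalid user admin from 203.0.113.5
Sep 13 10:00:03 web sshd[2103]: Invalid user oracle from 203.0.113.5
Sep 13 10:00:05 web sshd[2105]: Invalid user test from 203.0.113.5
Sep 13 10:00:07 web sshd[2107]: Invalid user guest from 203.0.113.5
Sep 13 10:01:00 web sshd[2110]: Invalid user root from 198.51.100.7
Sep 13 10:02:00 web sshd[2112]: Accepted publickey for alice from 192.0.2.10 port 51022 ssh2
Sep 13 10:03:00 web sshd[2115]: Invalid user pi from 198.51.100.7
EOF

# pecora_offenders LOGFILE MIN: print "count ip" for every source IP with more
# than MIN "Invalid user" lines, busiest first. Field 10 is the IP, as in the post.
pecora_offenders() {
    awk -v min="$2" '/sshd\[[0-9]+\]: Invalid user/ { n[$10]++ }
        END { for (ip in n) if (n[ip] > min) printf "%d %s\n", n[ip], ip }' "$1" | sort -nr
}

# pecora_block_rules LOGFILE MIN: dry run, emit the INPUT DROP rule the second
# script would add for each offender instead of calling iptables.
pecora_block_rules() {
    pecora_offenders "$1" "$2" | awk '{ print "iptables -I INPUT -s " $2 " -j DROP" }'
}

# With threshold 3 only 203.0.113.5 (4 attempts) is listed; 198.51.100.7 (2) is not.
pecora_block_rules "$LOG" 3
```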