Are there any IP address blacklisting programs for Linux servers that allow the administrator to specify certain conditions that trigger an iptables blacklist on IP addresses scanning for vulnerabilities?
Example:
An IP address scans my web server for every default URL of phpMyAdmin. That's obviously a bot I don't want to be communicating with my server, so I'd like to blacklist its IP address for a day.
What options do I have for stopping those bots?
There are multiple tools in this space; however, I urge caution using them as many have been found to have exploits that make them worse than not having them.
You will also need to decide what service you are protecting. HTTP, SMTP, POP, etc. have different tools.
For example, fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page) can be customized to block on various log hits.
You can use fail2ban. It has a lot of configuration options and can block IPs automatically.
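To make the fail2ban-style approach concrete for the scenario in the question (a bot walking the default phpMyAdmin URLs), here is an added example that is not from the original thread or from the fail2ban project. It applies the same three knobs fail2ban exposes (maxretry, findtime, bantime) to a few constructed Apache access-log lines and produces the iptables ban/unban commands it would hand to an action, without executing them. The probe paths, the thresholds, the sample log lines and the IP addresses are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" log format (not taken from any real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /pma/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:11 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

# Regex written in the same shape as a fail2ban failregex, with <HOST> spelled out as a
# named group. It matches 404 responses for a hypothetical list of default phpMyAdmin
# install paths; extend the alternation to whatever your own logs show being probed.
PROBE_RE = re.compile(
    r'^(?P<host>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|POST) (?P<path>/(?:phpmyadmin|pma|myadmin|mysql)\S*) [^"]*" 404 ',
    re.IGNORECASE,
)

TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"  # Apache's default timestamp layout


def find_probes(log_text, pattern=PROBE_RE):
    """Yield (ip, timestamp, path) for every log line that looks like a phpMyAdmin probe."""
    for line in log_text.splitlines():
        m = pattern.search(line)
        if m:
            ts = datetime.strptime(m.group("ts"), TIME_FMT)
            yield m.group("host"), ts, m.group("path")


def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time_of_ban} for IPs with at least `maxretry` probe hits inside `findtime`.

    This mirrors fail2ban's maxretry/findtime semantics: a sliding window over the
    timestamps of matching lines, evaluated in log order. An IP is recorded once.
    """
    hits = defaultdict(list)
    banned = {}
    for ip, ts, _path in find_probes(log_text):
        window = [t for t in hits[ip] if ts - t <= findtime]
        window.append(ts)
        hits[ip] = window
        if len(window) >= maxretry and ip not in banned:
            banned[ip] = ts
    return banned


def ban_commands(banned, bantime=timedelta(days=1), chain="INPUT"):
    """Build (ban_cmd, expiry, unban_cmd) tuples for each offender.

    The commands are returned rather than run so the decision logic can be reviewed
    on its own; a real action would execute them and schedule the unban at `expiry`.
    """
    cmds = []
    for ip, seen in sorted(banned.items()):
        cmds.append((
            f"iptables -I {chain} -s {ip} -j DROP",
            seen + bantime,
            f"iptables -D {chain} -s {ip} -j DROP",
        ))
    return cmds


if __name__ == "__main__":
    for ban, expires, unban in ban_commands(offenders(SAMPLE_LOG)):
        print(ban)
        print(f"#   until {expires:%Y-%m-%d %H:%M:%S %z}: {unban}")
```

With the sample above, only 203.0.113.7 crosses the threshold (three probe hits within a few seconds); 198.51.100.4 made a single probe request and is left alone, which is the point of requiring several distinct hits before acting. In fail2ban itself the equivalent would be a filter whose failregex is PROBE_RE with `<HOST>` in place of the named group, and a jail with `maxretry = 3`, `findtime = 600` and `bantime = 86400`.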
I can suggest you use csf [Config Security and Firewall] software, because it has a lot of features such as POP3/IMAP login tracking, IP blocking, LFD, mod_security and so on.
Here is the link to refer to csf.
Take a look at Port Sentry; it has been around a long time and most distros have it in their package management system by default. It listens on configured unused ports (e.g. Telnet, port 23) and iptables bans connections to those configured ports.
It's not the most elegant solution but it is probably more flexible: use a combination of Snort, custom rules looking for targeted attacks, and then SnortSam in order to create custom firewall rules.
https://www.ibm.com/developerworks/web/library/wa-snort2/
http://codeidol.com/sql/network-security-hack/Network-Intrusion-Detection/Automatically-Firewall-Attackers-with-SnortSam/
Fail2ban is obviously an option: http://blog.shadypixel.com/spam-log-plugin/