I am starting to see a real pattern to all this. I would love to see someone do a case study on spam attacks. Their system seems well honed to scale up with your defenses until they finally have to appear on their real computers like the ovh.net serve..
I got the fail2ban from EPEL. There were a number of issues relating to using a log file… logwatch was looking for both fail2ban and fail2ban.log logrotate file fail2ban added looked for fail2ban.log and then reset itself to syslog fail2ban its..
If I could add something, definitely put ports, if numbers, in quotes…without quotes I got some errors in the logs port=ftp, no quotes…..port=2222 quotes and I added one for vsftp, I use port 5000[vsftpd-iptables]enabled = truefilter = vsftpdact..