Hello all I notice several automated break-in attempts appearing in /var/log/messages regarding sshd. A small sample: Nov 7 14:34:10 d8400 sshd[18607]: Invalid user a from 71.129.198.189 Nov 7 14:34:11 d8400 sshd[18609]: Invalid user aaron from 71.129.198.189 Hundreds of entries like the above, working their way through every English letter using common first names, also names of services like Apache. I ran across this Novell Cool Solutions article: http://www.novell.com/coolsolutions/trench/16341.html It describes the use of a shell script, run once per minute using a cron job, that parses information from /var/log/messages and adds offending IP addresses to /etc/hosts.deny. I saved the script as ssh-block.sh in my home folder, in a subdirectory named cronjobs. I used su to become root and ran crontab -e, and added the script to run once per minute. Entries in /var/log/messages confirm that the shell script is indeed being run every minute, but the contents of /etc/hosts.deny hasn't changed at all, despite the presence of failed sshd log-ins (also written to /var/log/messages). Can someone knowledgeable about shell scripts take a look at the URL above and see if there is a problem with the script? If not, what did I do incorrectly? What's the proper way to run this job regularly? I assume it must be run as root, both to read /var/log/messages and to write to /etc/hosts.deny. Dan