> Fail2ban is not useful in your case since it only counts logins from ip > addresses, not blocking user names Doesn't fail2ban count what it's taught to count.? If there is some distinct log messages you could regex for, it's an option. (On a Debian box you could check /etc/fail2ban/filter.d for some examples.)