UGN Security Forums UGN Security: Knowledge Base Operating Systems *nix & *nix Security ssh/auth/apache security

I have a fair amount of Linux experience, however I am not sure what to do, or how to go about, working on this issue.
Currently I am allowing only a couple of ways to access my machine (300MHz Pentium with Debian Linux Unstable) of which are ftp, http, and ssh. I was looking through my logs and I am getting a bulk of traffic that is obvious script crap. For instance my auth.log is filled with invalid logins of numerous usernames, (alphabetic I may add) and in my Apache logs they are filled with obvious attempts to break Apache, well mostly Windows IIS.
So enough with the scenario, I would like to know how I can make it so that when there are numerous unwanted attempts that I can put their IPs into a blacklist that won't be allowed to connect to my machine at all. So that when that IP tries to connect it doesn't even get to the application. Then perhaps I would like to be able to let that address sit for a period of time before it is let back in, so that I don't block legitimate connections since person's IPs change.
Any help would be greatly appreciated.

Use a non-standard port for SSH, disable Telnet; for your apache you can make a .htaccess file and ban ip's directly (I prefer masks myself); an example would be:

Taken directly from UGN's .htaccess file:

The best way to do this is with the Fail2Ban program which comes with a number of filters to help you accomplish just this. Most distros have this in their repositories, just look around a little. You can also set in your sshd.conf that only certain keys can login or that they authenticate with a private key in addition to/instead of a password.

Most ISP's don't allow access to the firewall, but I guess that would be useful for personal machines.