Use shell scripts to prevent brute-force cracking

Source: Internet
Author: User

One of my public-facing servers has port 21 (vsftpd) open because the website uses a dual-backup policy. Recently a lot of people have been trying to brute-force vsftpd and ssh on it. I took a casual look at the /var/log/secure log, and the failure counts per source address came out as follows:
118.33.110.52=2834
119.145.254.77=37
rows=226
rows=35
200.29.110.104=168
rows=250
222.221.2.210=373

Apart from 119.145.254.77 and the timeout entries, all of these IP addresses are malicious.
Because my server sits behind an LVS cluster, I originally wanted to use the iptables recent module to deal with this. The server runs CentOS 5.5 x86_64, and its iptables does not support this module; it returns the following error:

iptables: Unknown error 18446744073709551615

Because the machine is already running important services, I did not want to upgrade the kernel and risk affecting normal website operation, so the iptables idea ended there. Later I thought of using /etc/hosts.deny (TCP wrappers) instead. I felt that doing it by hand was cumbersome, so it would be better to write a script to handle it. The script is as follows:
#!/bin/bash
# Count the "Failed" entries in /var/log/secure per source IP and write them as IP=count lines
cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2"="$1}' > /root/black.txt
DEFINE="100"   # threshold: more than this many failures gets the IP blocked
for i in `cat /root/black.txt`
do
  IP=`echo $i | awk -F= '{print $1}'`
  NUM=`echo $i | awk -F= '{print $2}'`
  if [ $NUM -gt $DEFINE ]; then
    # only append if the IP is not already in the blacklist
    grep -q "$IP" /etc/hosts.deny
    if [ $? -gt 0 ]; then
      echo "sshd:$IP" >> /etc/hosts.deny
      echo "vsftpd:$IP" >> /etc/hosts.deny
    fi
  fi
done

The idea behind the script is as follows:
 
Since /var/log/secure is rotated once a week, each run reads this file and uses the shell script to count the IP addresses with many authentication failures, with a threshold of 100. Any address with more than 100 failures is written into /etc/hosts.deny so that it can no longer reach vsftpd or ssh. The script is then put into crontab and run at intervals. On the next run, for each address over the threshold, the script first checks whether it is already in our blacklist; if it is, it is skipped; if not, it is appended to /etc/hosts.deny.
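As an added example (not the original post's script), here is a hardened version of the same idea. It counts failures per source IP from constructed sample lines in the CentOS /var/log/secure format, covering both the sshd "Failed password ... from IP" lines that the $(NF-3) trick relies on and vsftpd's PAM "authentication failure ... rhost=IP" lines, which the original /Failed/ pattern never matches (so the vsftpd entries in the original script are only ever driven by ssh failures). It appends to hosts.deny rather than overwriting it, and uses an anchored, literal grep so that 10.0.0.5 is not treated as already blocked just because 10.0.0.50 is. The function names, the threshold of 3, the file paths and every log line are my constructed assumptions.

```bash
#!/bin/bash
# Added example, not the original post's script. Assumes CentOS-style
# /var/log/secure lines; all sample data below is constructed.

# Write a small constructed log so the example runs offline.
make_sample_log() {
    cat > "$1" <<'EOF'
Nov  1 10:00:01 web1 sshd[2001]: Failed password for root from 10.0.0.5 port 40001 ssh2
Nov  1 10:00:02 web1 sshd[2002]: Failed password for invalid user admin from 10.0.0.5 port 40002 ssh2
Nov  1 10:00:03 web1 sshd[2003]: Failed password for root from 10.0.0.5 port 40003 ssh2
Nov  1 10:00:04 web1 sshd[2004]: Failed password for oracle from 192.0.2.9 port 40004 ssh2
Nov  1 10:00:05 web1 sshd[2005]: Accepted password for deploy from 198.51.100.7 port 40005 ssh2
Nov  1 10:00:06 web1 vsftpd[2006]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=10.0.0.5
EOF
}

# Print "ip=count" for every source address with authentication failures.
# sshd: take the field after "from" (works with and without "invalid user").
# vsftpd: PAM logs the client as rhost=IP, which contains no "Failed".
count_failures() {
    awk '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i+1); break }
            fail[ip]++
        }
        /vsftpd\[[0-9]+\]: .*authentication failure/ {
            if (match($0, /rhost=[0-9.]+/)) {
                ip = substr($0, RSTART + 6, RLENGTH - 6)   # strip "rhost="
                fail[ip]++
            }
        }
        END { for (ip in fail) print ip "=" fail[ip] }
    ' "$1" | sort
}

# Append sshd:/vsftpd: lines for every IP above the threshold that is not
# already listed. Prints the number of new addresses added.
update_deny() {
    local blacklist=$1 deny=$2 threshold=${3:-100} added=0
    touch "$deny"
    while IFS='=' read -r ip num; do
        [ -z "$ip" ] && continue
        [ "$num" -gt "$threshold" ] || continue
        # -x -F: whole-line literal match, so 10.0.0.5 != 10.0.0.50
        if ! grep -qxF "sshd:${ip}" "$deny"; then
            printf 'sshd:%s\nvsftpd:%s\n' "$ip" "$ip" >> "$deny"   # >> not >
            added=$((added + 1))
        fi
    done < "$blacklist"
    echo "$added"
}

run_demo() {
    local tmp
    tmp=$(mktemp -d)
    make_sample_log "$tmp/secure"
    count_failures "$tmp/secure" > "$tmp/black.txt"
    echo "failures per IP:"; cat "$tmp/black.txt"
    echo "added: $(update_deny "$tmp/black.txt" "$tmp/hosts.deny" 3)"
    echo "hosts.deny:"; cat "$tmp/hosts.deny"
    rm -rf "$tmp"
}

run_demo
```

Two points worth keeping in mind when using this on a real box: a second run with the same blacklist adds nothing, because the anchored grep finds the existing entry, and vsftpd only consults /etc/hosts.deny when it was built with tcp_wrappers support and tcp_wrappers=YES is set in vsftpd.conf (the CentOS package ships that way); sshd on CentOS 5 is linked against libwrap and honours the file directly.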
 
The last line of my /etc/crontab file is

0 */1 * * * root sh /root/hosts_deny.sh

This runs the script once an hour (the minute field is fixed at 0; a * there would run the job every minute). Since /var/log/secure is rotated once a week, the interval can be set according to the server's actual situation, and shortened for machines that see frequent brute-force attempts.
 
After my public-facing machine had run the script for a while, /etc/hosts.deny looked like this:

sshd:Small
vsftpd:Small
sshd:14.140.172.74
vsftpd:Small
sshd:200.29.110.104
vsftpd:200.29.110.104
sshd:202.102.89.81
vsftpd:202.102.89.81
sshd:202.78.173.199
vsftpd:202.78.173.199
