How to Deny/Blacklist Unauthorized IP Write Access Attempts on LAMP Server?

Recently, Spammers found world-writable folders (such as those needed by certain wordpress plugins) and uploaded rogue .htaccess/.php files to us开发者_如何学Pythone my (Ubuntu Linux 11.04) unmanaged VPS (Linode) as a proxy where from spam message links would arrive for redirection to other servers.

What I noticed was that these spambots do a recursive directory scan for writable directories (presumably over port 80). The rogue files were actually uploaded via the www-data user/group (I don't have anon-ftp, or weak ssh, so I'm assuming also via 80).

What I think I'd really like is some sort of security mechanism which triggers an IP to get blacklisted via .htaccess as well as fire an email to me the moment an unauthorized IP addy decides to sneak an upload.

I'm guessing that somehow a firewall daemon will be required for monitoring the IP information, but am unsure about how to conduct the blacklisting of the unauthorized IP addresses attempting to write to a directory. My gut would be to write a shell script which checks for log files created by the firewall, extract any offending IP's and write them into an .htaccess deny tag. Would anyone kindly point me to anything that already accomplishes this, or help me get started with the proper resources?

---

I'm stuck wih the same problem and i maybe have found the answer on your problem. Here is a auto ban script written in php.

I haven't got to try it yet but i'm shure going to tonight. Good luck to you T3X