I'm currently running security/py-fail2ban on all my servers to prevent brute-force attacks. Initially, there was a great reduction of spam in my logs. Lately, however, there are pages of input_userauth_request [preauth] entries in my auth.log file. They're not getting anywhere; access is two-factor with pubkey only and root logins are disabled but it's annoying. I mean, there are sometimes dozens of pages I need to scroll through every single day. My PF table is growing exponentially, I've resorted to never unbanning these damned bots, but I wonder if there is another (better) alternative. Someone mentioned security/sshguard, is this program considered better practice among system administrators? Futher, what do you guys do about the auth.log entries? I'm not exaggerating when I say there are dozens of pages worth of failed attempts! Why would there have been an immediate reduction of these entries after first deploying Fail2Ban, only to see a return to previous levels weeks later?