Checkout the SSH auth log and write all IPs with > 100 failed attempts
into banned_ips.txt in home (one IP per line).
Then, configure a cron job that runs every 5 min and overwrites it.
