I am working on preventing persistent attackers from returning. Right now fail2ban will ban for a set period of time and then unban them. I could increase the time of the ban, but that would affect legitimate users that are bad typists. The other issue is that fail2ban rules get cleared if the server is restarted. Granted, this doesn't happen frequently, but I'd prefer a way to automatically add back in the IP addresses that I've deemed 'dangerous' because of their continued attempts to log in via brute force.
What I am currently doing is storing all IP addresses that trigger a fail2ban jail. I can automatically add them to IPTables, but if I do that ISPConfig comes along a short time later and makes it own changes wiping out the changes my script just made. I'd like to be able to integrate with ISPConfig in this regard, but I am not sure where it stores it's rules for what to allow.