Currently, one of my websites is being subject to a brute force login attempt. The problem is that it is coming form multiple IP sources. I have a system that auto bans IP after 3 attempts and so far the attacker has tried/banned 800 different IPs. I am not really worried about the username/password list he is using since I can see it as they come in but I guess my only worry is system resources.
Still being somewhat new to this kind of thing, I am not sure if I have any other options. Is there anything else you can do against this kind of attack?
Server is running CentOS 6