SSH Hack Checker is a perl script which parses syslog's auth.log for unsuccessful ssh login attempts. If it detects such attempts it tries to find an abuse email adress from the whois database and writes an email to it. It also detects successful hacks and writes an email to the admin.
The script is available here.
* 2005-12-18 ssh_hack_checker.pl v0.3.1 available - fixes little bug with multiple logfiles
* 2005-12-16 ssh_hack_checker.pl v0.3 available - multiple logfiles support
* 2005-11-05 ssh_hack_checker.pl v0.2.1 available - "unlink /var/log/ssh.log" changed to "unlink logfile"
* 2005-10-14 ssh_hack_checker.pl v0.2 available
* 2005-09-11 ssh_hack_checker.pl v0.1 available