Comment shell script to auto null route brute force attack (Score 3, Interesting) 298

Guess it's time to give back to the community. A few years ago, I wrote a custom script to continually tail out lines at a time from /var/log/auth.log and null route the bad IPs. To date, I have 4316 IPs null routed. I have the following script running as a background job initiated from /etc/rc.local. Hope this is helpful to people.

----begin----
#!/bin/bash
# script to sense bad ssh or ftp login tries from the same ip address
#
# The awk field numbers used below ($11, $13, $12, $7, $17) depend on the
# exact syslog line layout produced by this host's sshd and proftpd; check
# them against a few real lines from /var/log/auth.log before relying on
# this on another distribution.

LOG=/var/log/auth.log
DENY=/etc/hosts.deny
ROUTEBLOCK=/etc/routeblock.sh

# add an address to hosts.deny, record the route so it can be replayed after
# a reboot, and null route it - unless it is already listed.
# grep -w -F matches the whole address as a fixed string, so the dots are
# not treated as wildcards and 1.2.3.4 does not "find" 1.2.3.45.
block_ip() {
        local badip=$1
        [ -n "$badip" ] || return 0
        if ! grep -qwF -- "$badip" "$DENY"; then
                echo "ALL: $badip" >> "$DENY"
                echo "route add -host $badip gw 127.0.0.1" >> "$ROUTEBLOCK"
                route add -host "$badip" gw 127.0.0.1
        fi
}

# walk a list of addresses, count how many times in a row the same address
# repeats, and block it once the count reaches the threshold given in $1
block_if_repeated() {
        local threshold=$1 previous=0 i=0 badip
        shift
        for badip in "$@"; do
                if [ "$previous" = "$badip" ]; then
                        i=$((i + 1))
                else
                        i=0
                fi
                if [ "$i" -ge "$threshold" ]; then
                        block_ip "$badip"
                fi
                previous=$badip
        done
}

while true
do
        # block known linux service user accounts ssh attempts
        for badip in $(awk '/sshd/ && /Failed password for /' "$LOG" | egrep -i "root|bin|daemon|adm|lp|sync|shutdown|halt|mail|news|uucp|operator|games|rpm|vcsa|rpc|xfs|apache|rpcuser|sshd|ftp|kamphor|named|messagebus|haldaemon|ntp|openvpn|x11|polkituser|avahi|avahi-autoipd|htdig|pulse" | awk '{print $11}' | tail -100 | sort -u)
        do
                block_ip "$badip"
        done

        # null route any attempt at non-existent users for ssh attempts
        for badip in $(awk '/sshd/ && /invalid user/ {print $13}' "$LOG" | tail -100 | sort -u)
        do
                block_ip "$badip"
        done

        # scan for behavior - probe ssh then try password
        previous=0
        i=0
        badip=""
        # first loop - check for ssh probe; count consecutive repeats of the
        # probing address, the count carries over into the second loop
        for badip in $(awk '/sshd/ && /not receive identification string/ {print $12}' "$LOG" | tail -2)
        do
                if [ "$previous" = "$badip" ]; then
                        i=$((i + 1))
                else
                        i=0
                fi
                previous=$badip
        done
        # second loop - check for failed logins from the last probing address.
        # Skip when no probe was seen: with an empty $badip, grep would take
        # the log file name as its pattern and read stdin instead.
        if [ -n "$badip" ]; then
                for badip2 in $(grep -F -- "$badip" "$LOG" | awk '/sshd/ && /Failed/ {print $11}' | tail -2)
                do
                        if [ "$previous" = "$badip2" ]; then
                                i=$((i + 1))
                        else
                                i=0
                        fi
                        if [ "$i" -ge 3 ]; then
                                block_ip "$badip2"
                        fi
                        previous=$badip2
                done
        fi

        # scan for spoofed domains or hosts for ssh attempts
        block_if_repeated 2 $(awk '/sshd/ && /Address/ && /does not map back/ {print $7}' "$LOG" | tail -3)

        # scan for failed ftp attempts
        block_if_repeated 1 $(awk '/proftpd/ && /Maximum/ {print $7}' "$LOG" | awk -F\( '{print $2}' | awk -F\[ '{print $2}' | awk -F\] '{print $1}' | tail -2)

        # block all admin logins to ftp
        for badip in $(awk '/proftpd/ && /no such user found/' "$LOG" | egrep -i "Administrator" | awk '{print $17}' | cut -f2 -d[ | cut -f1 -d] | sort -u)
        do
                block_ip "$badip"
        done

        sleep 1
done
----end----
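The script above pulls the offending address out of each auth.log line by positional awk field, which silently breaks (or blocks the wrong token) as soon as the line layout changes, and it writes to /etc/hosts.deny and the routing table directly. The following is an added example, not the poster's script, showing the same idea done the way I would want it reviewed: the address is extracted by matching the "from <ip>" token itself, failures are counted per address across a constructed sample of sshd log lines (made up for this example, not captured from a real host), an allowlist protects an admin address, the candidate is validated as an IPv4 address before it reaches anything privileged, and the block commands are printed rather than executed so the operator can run it as a dry run. The `ip route add blackhole` form is my substitution for the `route add ... gw 127.0.0.1` used on the page.

```shell
#!/bin/bash
# Added example: detection logic for ssh brute-force sources, run over
# constructed sample log lines. Nothing here touches hosts.deny or routes.

# Constructed sample auth.log lines (Debian-style sshd syslog layout).
SAMPLE_LOG='Mar  1 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.10 port 40001 ssh2
Mar  1 10:00:02 host sshd[1002]: Failed password for invalid user oracle from 203.0.113.10 port 40002 ssh2
Mar  1 10:00:03 host sshd[1003]: Failed password for root from 203.0.113.10 port 40003 ssh2
Mar  1 10:00:04 host sshd[1004]: Did not receive identification string from 198.51.100.7
Mar  1 10:00:05 host sshd[1005]: Failed password for alice from 192.0.2.55 port 40005 ssh2
Mar  1 10:00:06 host sshd[1006]: Accepted password for alice from 192.0.2.55 port 40006 ssh2
Mar  1 10:00:07 host sshd[1007]: Failed password for invalid user admin from 198.51.100.7 port 40007 ssh2
Mar  1 10:00:08 host sshd[1008]: Failed password for invalid user admin from 198.51.100.7 port 40008 ssh2
Mar  1 10:00:09 host sshd[1009]: Failed password for invalid user admin from 198.51.100.7 port 40009 ssh2
Mar  1 10:00:10 host sshd[1010]: Failed password for invalid user admin from 198.51.100.7 port 40010 ssh2'

# Read log text on stdin and print "count ip" for every address with at
# least one sshd password failure, highest count first. The address comes
# from the "from <ip> port" token, so "invalid user" lines and lines for
# existing users are handled the same way regardless of field position.
failed_counts() {
        sed -n 's/.*sshd\[[0-9]*\]: Failed password for .* from \([0-9.]*\) port .*/\1/p' \
                | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Print the addresses whose failure count is >= $1 (default 3), one per
# line. Addresses in the space-separated allowlist $2 are never reported,
# so a mistyped admin password cannot lock the admin out.
offenders() {
        local threshold=${1:-3} allow=${2:-} count ip
        failed_counts | while read -r count ip; do
                case " $allow " in *" $ip "*) continue ;; esac
                if [ "$count" -ge "$threshold" ]; then
                        echo "$ip"
                fi
        done
}

# Accept only a dotted-quad IPv4 address before it is handed to anything
# that edits hosts.deny or the routing table (a log line is attacker
# influenced input; never splice an unvalidated token into a command).
is_ipv4() {
        printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Dry run: print the commands that would block each offender in the
# sample log. Replace echo with eval (or pipe into sh) to actually apply.
plan_blocks() {
        local threshold=${1:-3} allow=${2:-} ip
        printf '%s\n' "$SAMPLE_LOG" | offenders "$threshold" "$allow" | while read -r ip; do
                is_ipv4 "$ip" || continue
                echo "echo 'ALL: $ip' >> /etc/hosts.deny"
                echo "ip route add blackhole $ip"
        done
}

# Usage: plan_blocks 3 "192.0.2.55"
```

With the sample above, `offenders 3` reports 198.51.100.7 (four failures) and 203.0.113.10 (three), while 192.0.2.55, which failed once and then logged in, is left alone; passing the admin address in the allowlist suppresses it even if it crosses the threshold.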

Comment Yes...I have experienced problems with ext4 (Score 1) 289

I nearly lost my whole filesystem. It's a good thing I had a backup core system on reiserfs to boot from and run fsck. From what I understand, it's a problem with the ext4 journaling system and metadata. This link has info on the journal problem, which may have already been patched in the current kernels: http://lwn.net/Articles/284037/ The wiki page for ext4 (the bottom has a fix for the problem): http://wiki.archlinux.org/index.php/Ext4 Essentially, mounting an ext4 filesystem with the option "data=ordered" helped my system out. Since I have enabled this mount option, my filesystem is now stable even after hard reboots or power failures. Hope this helps out people as it did me! -Kamphor
