How to slow down wrong password logins?

My asterisk is on the Internet and I keep getting wild attempts to log in.

I use port 5070 instead of the default and my IP is dynamic changing at least once a day. As a result, hackers manage to discover my asterisk only about once a week. But it is still a nuisance.

I would like to counter with two steps:

  1. Slow the response to a wrong password attempt to, say, two seconds.
  2. Make a failed login to trigger a script to notify me so that I can refresh my DHCP lease to get a new IP address as soon as I get to know it.

Are both of the above possible?

You can use AMI events to trigger an script after a failed login

You should:

  1. Make sure passwords are strong;
  2. Configure your site firewall to block port 5070 access from outside;
  3. If (2) is not possible, use fail2ban to parse the logs and dynamically add specific firewall rules.

Fail2ban working beautifully and catching the intruders.

Some interesting points here, fail2ban though as mentioned is very good.