So I left my ssh port open on one of my systems.. and gathered up some logs.. A script was created to collect the information needed from all the failed attempts from the variety of unwanted people.
So far the script:
- looks for failed password attempts on auth.log,
- gets the country code from a whois lookup from each unique IP address
- makes the country code to a country name
- tries to get the city from ipinfo.io and falls back to country name if need be
- and finally exports everything to a nice csv so we can import to Excel to get some pretty graphs
Script is available here:
Now the data.csv was imported into Excel and voilà... here is some statistics with some pretty graphs.
First unexpected statistic was Turkey coming 3rd in front of Russia.. well played neighbors!
And saving the prettiest for last, bing map of the Source Countries:
And while we are on the subject of ssh security.. fail2ban is very interesting.
Hope you enjoyed that :)
Stay tuned for more