I was lucky enough to seize a “Raspberry Pi Colocation“-slot for my Raspberry Pi.
To secure it further I just recently installed fail2ban.
The software basically detects login attempts and blocks the IP for some limited time in the future. This prevents a depletive password guessing for server logins.
I was interested in the password-guessers` country of origin. Now I can confirm, at least for my Raspberry Pi, that most attacks come from China.
the quick and dirty command for this looks like this: (you need to have ‘whois’ installed)
for i in `sudo cat /var/log/fail2ban.log | sed 's/.*[Bb]an \(.*\)/\1/' | sort | uniq | cut -d ' ' -f 1 | grep "\."`; do
echo $i; whois $i | grep country\: |head -n 1 >> fail2ban_ctry.log ;
cat fail2ban_ctry.log fail2bancry2.log | sed 's/country: //g' |sort | uniq -c |sort -nr