I was lucky enough to seize a “Raspberry Pi Colocation” slot for my Raspberry Pi.
To secure it further I just recently installed fail2ban.
The software basically detects failed login attempts and blocks the source IP for a limited time. This prevents brute-force password guessing against server logins.
I was interested in the password guessers' country of origin. Now I can confirm, at least for my Raspberry Pi, that most attacks come from China.
```
110 CN
  2 UA
  2 RU
  2 DE
  1 VN
  1 PE
  1 KR
  1 CZ
  1 BD
```
The quick and dirty command for this looks like this (you need to have `whois` installed):
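```sh
# Collect every banned IPv4 address once and look up its country.
: > fail2ban_ctry.log   # start with an empty file so reruns do not double-count
for i in $(sudo cat /var/log/fail2ban.log | sed 's/.*[Bb]an \(.*\)/\1/' | sort | uniq | cut -d ' ' -f 1 | grep "\."); do
    echo "$i"
    whois "$i" | grep -i 'country:' | head -n 1 >> fail2ban_ctry.log
done
# Count the addresses per country, most frequent first.
sed 's/[Cc]ountry: *//' fail2ban_ctry.log | sort | uniq -c | sort -nr
```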
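A more defensive take on the same report, as an added example that is not the post's own code: it takes only `Ban` events (not `Unban`), normalises the differing `country:` / `Country:` spellings in whois replies, and counts addresses without a country field as `??` instead of dropping them. The function names and the assumed log and whois line layouts are illustrative.

```sh
#!/bin/sh
# Added example, not the post's code. The whois field layout is an assumption
# based on common registry replies ("country:   CN", "Country:   US").

# banned_ips: fail2ban log on stdin -> each banned IPv4 address, once.
# Only "Ban" events are taken; "Unban" and other log lines are skipped.
banned_ips() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "Ban" && $(i+1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                print $(i+1)
    }' | sort -u
}

# country_of: one whois reply on stdin -> first country code, upper-cased.
# A reply without a country field yields "??" so the address still counts.
country_of() {
    awk -F: 'tolower($1) == "country" {
        gsub(/[ \t\r]/, "", $2); print toupper($2); found = 1; exit
    }
    END { if (!found) print "??" }'
}

# tally: one country code per line -> "count code", highest count first.
tally() {
    sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

# country_report LOGFILE: the live pipeline; needs whois and network access.
country_report() {
    banned_ips < "$1" | while read -r ip; do
        whois "$ip" | country_of
    done | tally
}

# Run the report when a log file is given, e.g.:
#   sudo sh report.sh /var/log/fail2ban.log
if [ "$#" -gt 0 ]; then
    country_report "$1"
fi
```

A large `??` count usually means the registry answered with a referral or a rate-limit notice rather than a record, which the original one-liner would silently leave out of the totals.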