Tag Archives: ssh

Fail2ban country statistics…

I was lucky enough to seize a “Raspberry Pi Colocation“-slot for my Raspberry Pi.

To secure it further I just recently installed fail2ban.
The software basically detects login attempts and blocks the IP for some limited time in the future. This prevents a depletive password guessing for server logins.

I was interested in the password-guessers` country of origin. Now I can confirm, at least for my Raspberry Pi, that most attacks come from China.

1
2
3
4
5
6
7
8
9
    110       CN
      2       UA
      2       RU
      2       DE
      1       VN
      1       PE
      1       KR
      1       CZ
      1       BD

the quick and dirty command for this looks like this: (you need to have ‘whois’ installed)

1
2
3
4
for i in `sudo cat /var/log/fail2ban.log | sed 's/.*[Bb]an \(.*\)/\1/' | sort | uniq | cut -d ' ' -f 1 | grep "\."`; do
  echo $i; whois $i | grep country\: |head -n 1 >> fail2ban_ctry.log ;
done
cat fail2ban_ctry.log fail2bancry2.log | sed 's/country:  //g' |sort | uniq -c |sort -nr

Flattr this!