LinuxQuestions.org


mr51m0n 09-19-2013 04:38 AM

Need contributors for SSH attack analysis (website)!
 
Hi

There is a new website www.badips.com to analyze ssh brute forcers.

If you would like to see statistics about what IPs are targeting your servers, see http://www.netmess.org/examine-your-attackers/ to learn how to report. It's done in 2 minutes.

-- mr51m0n

unSpawn 09-19-2013 01:41 PM

Quote:

Originally Posted by mr51m0n (Post 5030554)
I've made www.badips.com to analyze ssh brute forcers. The site is in beta status at the moment.

Before I move this thread to the LQ Linux News section: what makes yours stand out from say Dshield, myNetWatchman (defunct) or map.honeycloud.net?

mr51m0n 09-19-2013 04:23 PM

Quote:

Originally Posted by unSpawn (Post 5030897)
Before I move this thread to the LQ Linux News section: what makes yours stand out from say Dshield, myNetWatchman (defunct) or map.honeycloud.net?

Sorry, I missed the News Section!

Well, all these projects seem to be much more mature than mine, but I'll try to keep up with some functionality they have (more categories, a real-time world map, threat level, etc.).

I'd like to build a cleaner interface, and I think it's also fine that one does not need to register (with username/password) to get personalized stats. And I want anyone to be able to contribute data with an easy interface and the tools they already use.

But of course, it's yet another tool. Still, do you have fail2ban already in place? Then it's 1 minute to personalized stats with no personal data stored somewhere (apart from your IP and attackers of course). I think that's cool?

I encourage people to tell me what features they need, maybe it's a unique tool someday.

-- mr51m0n

Habitual 09-19-2013 06:40 PM

"I’ll also switch the blog language to English."

I like it.

Z038 09-25-2013 02:20 PM

Nice. However, it looks like you have a bug in the display of the IP Database. Many of the IPs are listed twice. For example, the last few entries in your database look like this:

Code:

46.218.202.82
46.218.202.82
82.47.219.143
82.47.219.143
46.20.35.113
46.20.35.113
92.39.210.44
92.39.210.44
190.40.189.230
190.40.189.230
82.10.195.182
82.10.195.182
89.216.3.75
190.40.124.11
190.40.124.11
190.190.21.20
190.190.21.20
198.24.203.218
198.24.203.218
146.255.13.167
146.255.13.167
41.230.34.144
41.230.34.144

All but one of the above are duplicated.

If you click on one, like 41.230.34.144, you get this:

Code:

The IP 41.230.34.144 is not listed in our database, try one of those:



Found 2 IPs in DB
41.230.34.144
41.230.34.144


