LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > Linux - News
User Name
Password
Linux - News This forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.

Notices

Reply
 
LinkBack Search this Thread
Old 09-19-2013, 04:38 AM   #1
mr51m0n
LQ Newbie
 
Registered: Nov 2008
Posts: 17

Rep: Reputation: 0
Need contributors for SSH attack analysis (website)!


Hi

There is a new website www.badips.com to analyze ssh brute forcers.

If you would like to see statistics about what IPs are targeting your servers, see http://www.netmess.org/examine-your-attackers/ to learn how to report. It's done in 2 minutes.

-- mr51m0n

Last edited by mr51m0n; 09-26-2013 at 02:50 AM. Reason: who did what
 
Old 09-19-2013, 01:41 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,524
Blog Entries: 51

Rep: Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601
Quote:
Originally Posted by mr51m0n View Post
I've made www.badips.com to analyze ssh brute forcers. The site is in beta status at the moment.
Before I move this thread to the LQ Linux News section: what makes yours stand out from say Dshield, myNetWatchman (defunct) or map.honeycloud.net?
 
Old 09-19-2013, 04:23 PM   #3
mr51m0n
LQ Newbie
 
Registered: Nov 2008
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unSpawn View Post
Before I move this thread to the LQ Linux News section: what makes yours stand out from say Dshield, myNetWatchman (defunct) or map.honeycloud.net?
Sorry, I missed the News Section!

Well, all this projects seem to be much more mature than mine but I'll try to keep up with some functionality they have. (more categories, a real time world map and treat level etc.)

I'd like to build a cleaner interface and I think its also fine that one does not need to register (with username/password) to get personalized stats. And I want anyone to be able to contribute data with an easy interface and the tools they already use.

But of course, it's yet another tool. Still, do you have fail2ban already in place? then it's 1 minute to personalized stats with no personal data stored somewhere (apart from your IP and attackers of course). I think that's cool?

I encourage people to tell me what features they need, maybe it's a unique tool someday.

-- mr51m0n
 
Old 09-19-2013, 06:40 PM   #4
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Slack14_64_Multilib
Posts: 2,721
Blog Entries: 3

Rep: Reputation: 627Reputation: 627Reputation: 627Reputation: 627Reputation: 627Reputation: 627
"I’ll also switch the blog language to English."

I like it.
 
Old 09-25-2013, 02:20 PM   #5
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 767

Rep: Reputation: 154Reputation: 154
Nice. However, it looks like you have a bug in the display of the IP Database. Many of the IPs are listed twice. For example, the last few entries in your database look like this:

Code:
46.218.202.82
46.218.202.82
82.47.219.143
82.47.219.143
46.20.35.113
46.20.35.113
92.39.210.44
92.39.210.44
190.40.189.230
190.40.189.230
82.10.195.182
82.10.195.182
89.216.3.75
190.40.124.11
190.40.124.11
190.190.21.20
190.190.21.20
198.24.203.218
198.24.203.218
146.255.13.167
146.255.13.167
41.230.34.144
41.230.34.144
All but one of the above are duplicated.

If you click on one, like 41.230.34.144, you get this:

Code:
The IP 41.230.34.144 is not listed in our database, try one of those:



Found 2 IPs in DB
41.230.34.144
41.230.34.144
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Soca website taken down after LulzSec 'Ddos attack' Jeebizz Linux - News 7 06-22-2011 09:33 AM
Clean up begins after massive website attack Jeebizz Linux - News 0 04-04-2011 10:05 AM
HBGary Attack Analysis Hangdog42 Linux - Security 18 03-10-2011 03:27 PM
SSH 'attack'. How to avoid? fst495 Linux - Security 27 11-26-2008 11:26 AM
Punishing users for SSH attack _kure_ Linux - Security 8 08-16-2007 11:36 PM


All times are GMT -5. The time now is 01:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration