Post AdPkXmWNTU5TAtBty4 by gabriel@mastodon.samfira.com
 (DIR) Post #AdPjwN4B9UcbVtA8Ya by gabriel@mastodon.samfira.com
       2024-01-01T21:17:13Z
       
       0 likes, 0 repeats
       
       A while back, I wrote a small project for fun that works like ngrok/serveo. It has an SSH server written in Go that just does port forwarding.

       Now, this server doesn't support password authentication, but I did enable the password auth callback, so I can log the IP, username and passwords used by brute force attempts.

       I created some graphs from the data. Top 10 countries, top 10 usernames, top 10 passwords and attempts for the past 30 days.
       
 (DIR) Post #AdPkXmWNTU5TAtBty4 by gabriel@mastodon.samfira.com
       2024-01-01T21:24:00Z
       
       0 likes, 0 repeats
       
       The most persistent IP address tried to log in for a total of 30.403 times. It is an Amazon EC2 instance in Germany. Runner up tried a total of 29.470 times. Top 5 (excluding the actual IP):

       sqlite> select country,attempts from remote_addresses order by attempts DESC limit 5;
       Germany|30403
       Indonesia|29470
       Brazil|28807
       China|27238
       Brazil|19528

       Dataset starts on August 8 2023.

       I need to aggregate IPs into subnets and run a whois. Curious which ISPs are the most popular.
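
The subnet aggregation mentioned at the end of the thread could look like the following. This is an added Go example, not code from the thread or from the project it describes. The input shape (a map of address to attempt count), the /24 and /64 prefix widths and the sample addresses are all assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// SubnetTotal sums the attempts logged from one network prefix.
type SubnetTotal struct {
	Prefix          netip.Prefix
	Attempts, Hosts int // Hosts = source addresses seen inside the prefix
}

// AggregateBySubnet folds per-address counters (address -> attempts) into IPv4 /24
// and IPv6 /64 prefixes, busiest first; skipped counts keys that are not IP addresses.
func AggregateBySubnet(perAddr map[string]int) (out []SubnetTotal, skipped int) {
	idx := map[netip.Prefix]int{} // prefix -> position in out
	for s, n := range perAddr {
		addr, err := netip.ParseAddr(s)
		if err != nil {
			skipped++
			continue
		}
		addr, bits := addr.Unmap(), 64 // ::ffff:a.b.c.d is the same host as a.b.c.d
		if addr.Is4() {
			bits = 24
		}
		p, _ := addr.Prefix(bits) // masks host bits; cannot fail for 24/64 on a valid address
		i, seen := idx[p]
		if !seen {
			i, idx[p] = len(out), len(out)
			out = append(out, SubnetTotal{Prefix: p})
		}
		out[i].Attempts += n
		out[i].Hosts++
	}
	sort.Slice(out, func(a, b int) bool { // busiest first, ties broken by prefix text
		x, y := out[a], out[b]
		return x.Attempts > y.Attempts || (x.Attempts == y.Attempts && x.Prefix.String() < y.Prefix.String())
	})
	return out, skipped
}

func main() {
	// Constructed sample counters on documentation-reserved ranges, not data from the thread.
	rows := map[string]int{"192.0.2.10": 300, "192.0.2.77": 250, "::ffff:192.0.2.9": 5, "198.51.100.4": 400, "2001:db8::1": 40, "2001:db8::beef": 2, "n/a": 1}
	totals, skipped := AggregateBySubnet(rows)
	fmt.Println(totals, "skipped:", skipped)
}
```

Comparing `Hosts` with `Attempts` separates one noisy machine from a range where many addresses each contribute a share, which is the distinction that matters before looking up the owner of a prefix.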