First off, very nicely done. Love the breakdown and that IPTables loop script is awesomely useful too.
Don't they often spoof IPs so banning that stops them right now, but they're back in an hour on another IP?
Also, using the auth log, is that a guarantee these are all attacks, or is it possible some were "good guys"? [just playing devil's advocate here]
Gonna do something like this on my servers, see what I get out of it :)
I was just thinking this. They could definitely use a VPN or some other proxy to mask their IP address.