Discussion on: Analyzing the Attacks on my Website

rstamperai

First off, very nicely done. Love the breakdown and that IPTables loop script is awesomely useful too.

Don't they often spoof IPs so banning that stops them right now, but they're back in an hour on another IP?

Also, using the auth log, is that a guarantee these are all attacks, or is it possible some were "good guys"? [just playing devil's advocate here]

Gonna do something like this on my servers, see what I get out of it :)

Tiffany White

I was just thinking this. They could definitely use a VPN or some other proxy to mask their IP address.