Yaroslav Polyakov

topip: who is abusing your server?

One day you check your logs and see that mail.log or access.log is 10 times bigger than usual. You need to find the reason, and the sooner the better!

On a web server, maybe someone is aggressively downloading, crawling or scraping your website, running a vulnerability scanner, or brute-forcing passwords. On a mail server, maybe someone is sending spam or brute-forcing passwords. Or it is something else.

topip quickly finds the top-N IPv4 addresses in your logs.

topip /var/log/mail.log
...
    8405 92.155.149.266
    8496 35.142.45.298
   66340 127.0.0.1

or

grep "SASL LOGIN authentication failed:" /var/log/mail.log | topip

With the -g option, topip works like grep: it prints only the lines that contain an IPv4 address and omits lines without one. With -i, only the IPv4 addresses are printed.

topip -g /var/log/mail.log

Oct  9 05:48:25 mx postfix/smtpd[2166]: connect from unknown[191.211.100.228]
Oct  9 05:48:26 mx postfix/smtpd[2162]: connect from unknown[103.129.202.216]
Oct  9 05:48:30 mx postfix/smtpd[2166]: warning: unknown[191.211.100.228]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

topip is written in Golang and is very fast.

You can achieve a similar effect with sed/awk/sort/uniq, but isn't it easier to write topip filename.log?
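
To make the idea concrete, here is an added Go example (not topip's source code) that extracts IPv4 addresses from log text and ranks them by frequency, most frequent last as in the output above. The names `TopIPs` and `IPCount`, the constructed log lines, and the decision to discard dotted quads with an octet above 255 are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"sort"
)

var ipv4Re = regexp.MustCompile(`\b\d{1,3}(?:\.\d{1,3}){3}\b`)

// Constructed sample in Postfix log format (documentation-range addresses).
const sampleLog = `Oct  9 05:48:25 mx postfix/smtpd[2166]: connect from unknown[192.0.2.10]
Oct  9 05:48:26 mx postfix/smtpd[2162]: connect from unknown[198.51.100.7]
Oct  9 05:48:30 mx postfix/smtpd[2166]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct  9 05:48:41 mx postfix/smtpd[2170]: connect from unknown[203.0.113.999]`

type IPCount struct {
	IP    string
	Count int
}

// TopIPs returns the n most frequent IPv4 addresses in log, most frequent last.
func TopIPs(log string, n int) []IPCount {
	counts := map[string]int{}
	for _, m := range ipv4Re.FindAllString(log, -1) {
		if net.ParseIP(m) != nil { // rejects candidates with an octet > 255
			counts[m]++
		}
	}
	out := make([]IPCount, 0, len(counts))
	for ip, c := range counts {
		out = append(out, IPCount{ip, c})
	}
	// Ascending by count; ties broken by address so the order is deterministic.
	sort.Slice(out, func(i, j int) bool {
		a, b := out[i], out[j]
		return a.Count < b.Count || (a.Count == b.Count && a.IP < b.IP)
	})
	if n >= 0 && len(out) > n {
		out = out[len(out)-n:]
	}
	return out
}

func main() {
	for _, e := range TopIPs(sampleLog, 10) {
		fmt.Printf("%8d %s\n", e.Count, e.IP)
	}
}
```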

https://github.com/yaroslaff/topip