Previously we had been using the ever-popular Fail2Ban to scan our logs as a temporary fix for the issue. While the anti-DDOS software written by CLDMV takes care of a ton of bans every day, the intrusion attempts keep coming from somewhat smarter attackers.
Today we rolled out our first module for log scanning. Since SSH is probably the #1 threat to servers out there, that is what we chose to target first with the scanner. It took several days, but the results are impressive. While I can't divulge the inner workings of the module, let me just show you the first ban email we got after running it for the first time:
Banned 29 ips:
115.238.236.84 for 3 weeks, 2 days, 9 hours
116.10.191.170 for 2 weeks, 6 days, 6 hours
116.10.191.171 for 2 weeks, 6 days, 1 hour, 20 minutes
116.10.191.178 for 3 weeks, 14 hours, 24 minutes
116.10.191.181 for 7 weeks, 3 days, 19 hours, 12 minutes
116.10.191.183 for 1 week, 5 days
116.10.191.190 for 1 week, 4 days, 15 hours, 29 minutes, 1 second
116.10.191.198 for 3 weeks, 4 days
116.10.191.199 for 7 weeks, 1 day
116.10.191.202 for 6 weeks, 6 days
116.10.191.206 for 2 weeks, 6 days, 14 hours, 31 minutes, 34 seconds
116.10.191.213 for 2 weeks, 1 day, 3 hours, 47 minutes, 57 seconds
116.10.191.215 for 4 weeks, 4 days, 15 hours, 54 minutes, 23 seconds
116.10.191.220 for 6 weeks, 6 days, 9 hours, 35 minutes, 59 seconds
116.10.191.229 for 12 weeks, 2 days, 53 minutes, 20 seconds
116.10.191.232 for 4 weeks, 4 days, 3 hours
116.10.191.236 for 1 week, 6 days, 12 hours
116.10.191.237 for 1 week, 6 days, 22 hours, 6 minutes, 18 seconds
116.10.191.239 for 4 weeks, 4 days
162.252.243.147 for 2 weeks, 1 day, 17 hours, 57 minutes, 16 seconds
211.154.150.135 for 8 weeks, 6 days, 19 minutes, 59 seconds
218.22.16.12 for 1 week, 4 days, 1 hour, 34 minutes, 53 seconds
219.138.135.64 for 1 week, 2 hours, 49 minutes, 24 seconds
222.163.192.154 for 3 weeks, 6 days, 2 hours, 22 minutes, 19 seconds
42.62.17.250 for 2 weeks, 5 days, 13 hours, 41 minutes, 59 seconds
61.174.49.111 for 6 days, 5 hours, 32 minutes, 18 seconds
61.174.51.215 for 8 weeks, 2 hours, 15 minutes, 59 seconds
61.174.51.217 for 1 week, 5 days, 16 hours, 22 minutes, 51 seconds
61.174.51.227 for 1 week, 6 days, 5 hours, 58 minutes, 59 seconds
Keep in mind that these numbers and bans are based only on the past 24 hours of logs.
Update:
This one takes the cake for CLDMV's anti-DDOS software catching a potential intrusion. We just received this email:
Banned 1 ip:
61.174.51.231 for 85 weeks, 5 days, 20 hours, 38 minutes, 42 seconds
The log-processing module for SMTP attackers is now in place as well. Here's the first email, covering the past 24 hours of attempts:
Banned 36 ips:
1.22.172.138 for 28 weeks, 5 days, 5 hours, 21 minutes, 35 seconds
105.237.137.36 for 24 weeks, 4 days, 5 hours, 56 minutes
105.237.36.170 for 25 weeks, 4 hours, 15 minutes, 1 second
118.97.191.156 for 5 weeks, 1 day
119.147.213.144 for 5 weeks, 5 days, 12 hours
122.155.197.35 for 6 weeks, 6 days, 16 hours, 24 minutes, 4 seconds
151.8.99.194 for 18 weeks, 2 days, 9 hours, 29 minutes, 43 seconds
178.41.231.192 for 7 weeks, 6 days, 7 hours, 59 minutes, 59 seconds
180.166.96.38 for 2 weeks, 2 days, 4 hours, 47 minutes, 59 seconds
180.250.80.237 for 6 weeks, 6 days, 18 hours
182.73.180.210 for 1 week, 1 day
186.73.227.26 for 29 weeks, 6 days, 20 hours, 13 minutes, 43 seconds
190.5.230.178 for 14 weeks, 4 days, 15 hours, 59 minutes, 59 seconds
200.241.178.210 for 3 weeks, 1 day
200.80.106.38 for 1 week, 4 hours, 48 minutes
201.151.192.69 for 2 weeks, 4 days
201.27.5.102 for 2 days, 18 hours, 27 minutes, 41 seconds
202.191.206.242 for 3 weeks, 6 days
203.45.163.105 for 28 weeks, 3 days, 9 hours, 56 minutes, 33 seconds
212.156.27.62 for 6 weeks, 6 days
212.174.252.130 for 9 weeks, 1 day
212.75.134.12 for 4 weeks
213.186.183.252 for 5 weeks, 4 days, 15 hours, 59 minutes, 59 seconds
217.91.121.82 for 2 weeks, 6 days
37.159.188.90 for 7 weeks, 1 day
41.206.23.51 for 4 weeks, 2 days
50.245.73.14 for 9 weeks, 4 days, 12 hours
66.112.96.50 for 5 weeks, 1 day
66.188.229.156 for 7 weeks, 1 day
74.7.103.53 for 17 weeks, 1 day, 6 hours, 24 minutes
80.146.31.233 for 5 weeks, 1 day
85.152.57.61 for 2 days
85.40.63.218 for 14 weeks, 3 days, 3 hours, 27 minutes, 26 seconds
87.139.213.236 for 20 weeks, 22 hours, 23 minutes, 59 seconds
93.107.104.11 for 1 week, 6 days, 5 hours, 47 minutes, 35 seconds
94.145.37.72 for 15 weeks, 4 days, 6 hours
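The post does not say how the CLDMV module parses the logs or how it arrives at those ban lengths, so the following is an added example of my own (not CLDMV's code and not Fail2Ban) that shows the general shape of a scanner covering both the SSH and the SMTP cases above: it counts failed-authentication lines per source IP over whatever log window it is fed, escalates the ban length with the failure count, and renders the same "Banned N ips:" summary the two mails use. The sshd and Postfix log lines are constructed for the example, and the threshold, the doubling escalation and the 12-week cap are assumptions, not anything the post states.

```python
import re
from collections import Counter
from datetime import timedelta

# Constructed sample log lines (made up for this example, not data from the
# page): sshd failures from two hosts, one successful key login that must be
# ignored, and Postfix SASL failures from a third host.
SAMPLE_LOG = """\
Apr 12 03:14:05 host sshd[2211]: Failed password for root from 116.10.191.181 port 4312 ssh2
Apr 12 03:14:07 host sshd[2211]: Failed password for root from 116.10.191.181 port 4312 ssh2
Apr 12 03:14:09 host sshd[2213]: Failed password for invalid user admin from 116.10.191.181 port 4400 ssh2
Apr 12 03:20:11 host sshd[2250]: Failed password for invalid user test from 61.174.49.111 port 50122 ssh2
Apr 12 03:21:00 host sshd[2260]: Accepted publickey for deploy from 10.0.0.5 port 51000 ssh2
Apr 12 04:02:33 host postfix/smtpd[3301]: warning: unknown[1.22.172.138]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 12 04:02:40 host postfix/smtpd[3301]: warning: unknown[1.22.172.138]: SASL PLAIN authentication failed: authentication failure
"""

IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"

# One failed-authentication pattern per service; only the named "ip" group is used.
# Successful logins ("Accepted ...") deliberately match nothing here.
PATTERNS = {
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for .* from " + IPV4 + r" port \d+"),
    "smtp": re.compile(r"postfix/smtpd\[\d+\]: warning: \S+\[" + IPV4 + r"\]: SASL \w+ authentication failed"),
}


def count_failures(log_text, service):
    """Count failed-authentication lines per source IP for one service."""
    pattern = PATTERNS[service]
    counts = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts


def ban_duration(failures, threshold=3, base=timedelta(days=1), cap=timedelta(weeks=12)):
    """Assumed escalation policy: nothing below the threshold, one base period at
    the threshold, doubling for every extra failure, capped at 12 weeks."""
    if failures < threshold:
        return None
    return min(cap, base * 2 ** (failures - threshold))


def format_duration(td):
    """Render a timedelta the way the ban mails do: '3 weeks, 2 days, 9 hours'."""
    total = int(td.total_seconds())
    units = (("week", 7 * 86400), ("day", 86400), ("hour", 3600), ("minute", 60), ("second", 1))
    parts = []
    for name, size in units:
        qty, total = divmod(total, size)
        if qty:
            parts.append(f"{qty} {name}{'' if qty == 1 else 's'}")
    return ", ".join(parts) if parts else "0 seconds"


def ban_report(log_text, service, threshold=3):
    """Return [(ip, duration)] for every IP at or above the threshold.
    Sorted lexically on the address string, which is how the mails above are ordered."""
    counts = count_failures(log_text, service)
    bans = []
    for ip in sorted(counts):
        duration = ban_duration(counts[ip], threshold)
        if duration is not None:
            bans.append((ip, duration))
    return bans


def render_mail(bans):
    """Produce the 'Banned N ips:' summary text used in the mails."""
    n = len(bans)
    lines = [f"Banned {n} ip{'' if n == 1 else 's'}:"]
    lines += [f"{ip} for {format_duration(d)}" for ip, d in bans]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_mail(ban_report(SAMPLE_LOG, "ssh")))
    print(render_mail(ban_report(SAMPLE_LOG, "smtp", threshold=2)))
```

In practice you would feed this the last 24 hours of auth.log and mail.log, hand the resulting addresses to ipset or iptables, and, before banning anything, drop your own management addresses from the counts, since a single mistyped password from your own workstation would otherwise lock you out for a day. The escalation policy is the part worth thinking hardest about: the wildly different durations in the mails above make sense only if the length is driven by something like attempt count or repeat offences, and a fixed ban gives a persistent scanner nothing to lose by coming back.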