search

DPsystems / Login-Shield

Your first line of defense against Internet bots, hacks and probes. Login-Shield is a small set of bash scripts that implements an iptables/ipset blocklist of known sources of hack activity. Works great as a compliment with/without fail2ban. Statistics have shown it blocks 90+% of most system probes and attacks on login ports.
Other
36 stars 6 forks source link

Share your statistics here #5

Open DPsystems opened 3 years ago

DPsystems commented 3 years ago

There are two scripts that come with the system that provide reports on the effectiveness of login-shield. Feel free to share any details from these reports to show how well your system is working.

Here are some current examples from mine:

./count_logins.sh:

Here is my main web server: (edit and tab over 4 spaces to make it come out properly)

      _                 _             _____ _     _      _     _
     | |               (_)           / ____| |   (_)    | |   | |
     | |     ___   __ _ _ _ __ _____| (___ | |__  _  ___| | __| |
     | |    / _ \ / _` | | ^_ \______\___ \|  _ \| |/ _ \ |/ _` |
     | |___| (_) | (_| | | | | |     ____) | | | | |  __/ | (_| |
     |______\___/ \__, |_|_| |_|    |_____/|_| |_|_|\___|_|\__,_|
                   __/ |
                  |___/

    ============= Login-Shield Statistics based on current log files ===========
     Using: /var/log/messages and /var/log/secure
    -- Number of login failures in log files: 14
    Start: Apr  4 03:10:02 
    End  : Apr 27 07:12:17 
    =====================================
    --        Number of filtered connections: 10270
    ============================================================================
    Total system attacks: 10284
    Blocked attempts    : 10270
    Attacks got through : 14
    ---------------------------------
    % Of Attacks Blocked: 99.8639%
    ============================================================================
DPsystems commented 3 years ago

./attack_stats.sh lookup:

  ======= Attack Statistics based on current log files =======
   Using: /var/log/messages Key: WINDOW

  From: Apr 1 03:20:14
  To  : Apr 28 10:16:29

  -- Number of blocked attacks in log files  : 107653
  -- Number of unique IP addresses attacking : 12484
     Average # of attacks per IP             : 8
     Percentage of attacks from top 50 IPs   : 63.7%
     Percentage of attacks from top 10 IPs   : 57.0%
     Percentage of attacks from top 5 IPs    : 51.3%

  Top 20:
Attacks:  IP Address:  Country:
-------------------------------
  19469 91.191.209.122  EU
  15363 5.188.206.236   EU
   7189 91.191.209.125  EU
   6862 91.191.209.124  EU
   6389 91.191.209.123  EU
   3171 59.7.91.13
    760 77.40.17.54     RU
    760 77.40.10.115    RU
    759 31.184.196.15   RU
    684 5.188.206.235   EU
    504 77.40.17.61     RU
    351 1.245.241.182   KR
    350 222.119.99.159
    300 222.113.1.102
    300 1.11.128.154    KR
    248 176.96.238.131  RU
    247 77.40.61.69     RU
    225 107.173.62.29   US
    216 198.50.159.124  CA
    216 167.114.188.12  BR