MarinMakers/botmap

Latest commit: f62c1a2 by Miles, Aug 24, 2017 (75 commits)

BotMap

A map of the 🤖net attacking our server

latest map

Premise

So my friends and I have been managing CentOS for the past couple of years in an effort to save money and have autonomy from private hosting services. After being port-forwarded, our most recent server quickly caught the attention of a scraper. Brute-force attacks soon followed, and su - reports like this were a daily occurrence:

too many attacks

I implemented fail2ban ASAP (as everyone should), and before long the daily attacks began to diminish, flooring at ~10 a week. I concluded that this botnet must be astronomical, and I wanted to see just where these attacks were being distributed from.

Sean and I began to whip up a means to find this out.

Pythonic Approach

Our first model used Matplotlib, a Python 2.x data plotting library, to create our map.

Piping the list of banned IPs from fail2ban-client status sshd, we wrote a simple script to convert these IPv4 addresses to geolocation using the freegeoip API. This data was then parsed by mapdraw to populate a navigable map.
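The first two stages of that pipeline, as an added example that is not the repository's own script: it parses `fail2ban-client status sshd` output, keeps the unique well-formed IPv4 addresses, and counts banned hosts per city. The sample output and the `FAKE_GEO` table (a stand-in for the geolocation API response) are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample of `fail2ban-client status sshd` output (documentation-range
# IPs; the duplicate and the malformed token are added to exercise the parser).
SAMPLE_STATUS = """\
Status for the jail: sshd
|- Filter
|  |- Currently failed:\t2
|  |- Total failed:\t981
|  `- File list:\t/var/log/secure
`- Actions
   |- Currently banned:\t4
   |- Total banned:\t4
   `- Banned IP list:\t203.0.113.7 198.51.100.23 203.0.113.9 192.0.2.44 203.0.113.7 not-an-ip
"""

# Constructed stand-in for the geolocation lookup: ip -> (city, lat, lon).
# A real run would query a GeoIP service or local database instead.
FAKE_GEO = {
    "203.0.113.7": ("Buenos Aires", -34.60, -58.38),
    "203.0.113.9": ("Buenos Aires", -34.60, -58.38),
    "198.51.100.23": ("Shanghai", 31.23, 121.47),
}


def banned_ips(status_text):
    """Return the unique, valid IPv4 addresses from the 'Banned IP list' line."""
    for line in status_text.splitlines():
        if "Banned IP list:" in line:
            seen = []
            for token in line.split("Banned IP list:", 1)[1].split():
                try:
                    ip = str(ipaddress.IPv4Address(token))
                except ipaddress.AddressValueError:
                    continue  # skip anything that is not a well-formed IPv4 address
                if ip not in seen:
                    seen.append(ip)
            return seen
    return []  # no jail status found in the input


def city_counts(ips, lookup):
    """Count banned hosts per city; hosts the lookup cannot place go under 'unknown'."""
    return Counter((lookup(ip) or ("unknown",))[0] for ip in ips)


if __name__ == "__main__":
    for city, n in city_counts(banned_ips(SAMPLE_STATUS), FAKE_GEO.get).most_common():
        print(f"{city}: {n}")
```

Validating each token before it reaches the lookup keeps malformed input out of any outbound API request, and the "unknown" bucket makes unplaceable hosts visible instead of silently dropping them.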

first map

Then again with a month and a half's worth of data and a fresh coat of paint...

second map

HTML

Python is well and good for afternoon-sprint projects, but having to install huge dependencies on everyone's machine is a hassle. Better to move towards a Web stack.

third map

This employed a front-end D3.js library, DataMaps. Its cross-platform accessibility, high-resolution SVG map and plot labels(!!!) were significant improvements over the previous implementation. This also featured a cleaner, low-light color scheme.

Conclusion

Of the 1,430 different attack sites, the top two highest-concentrated cities were:

Buenos Aires

BA

Shanghai

CHI

Will continue to post more information as it comes.
