Viewing the Top-Ten Worst SSH Attackers

If you must maintain an 'open' SSH server, this might come in handy.
This is a quick way to view the top ten worst offending SSH
attackers in your secure log. It works on Red Hat-based Linux boxen
(e.g., CentOS, Fedora), but it can easily be modified for other OS's
by just changing the pattern or logfile.

[root@mail ~]# grep 'Failed password for invalid user' /var/log/secure* \
| perl -nle 'print $1 if /from.+?(\d+\.\d+\.\d+\.\d+)/' \
| sort -n | uniq -c | sort -nr | head -n 10
  1888 200.123.110.118
  1058 187.17.82.179
  1010 72.2.10.4
   372 201.38.138.2
   330 189.19.9.217
   250 218.61.35.119
   250 210.181.198.94
   146 88.199.11.170
   140 72.55.164.232
   140 115.93.93.123
[root@mail ~]#

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.