Stats
Het bijhouden van statistieken op basis van logbestanden van servers is zeer nuttig. Een voorbeeld hiervan is het registreren van de frequentie van pogingen per IP-adres over een bepaalde periode op een Linux-server. Dit kan waardevolle inzichten bieden in verdacht verkeer.
Hostingservers worden regelmatig aangevallen. Een veelgebruikte tactiek is brute force-aanvallen, waarbij geprobeerd wordt wachtwoorden te raden. Hieronder staat de uitvoer van een Python-script waarmee wordt bijgehouden vanaf welke IP-adressen pogingen worden ondernomen om wachtwoorden te raden met als doel Postfix op deze server.
Postfix Auth Fails
The following output has been generated by my postfix_failed_logins_thm.py script. This script runs every 15 minutes (cron), starting from May 26, 2024, at 16:45.
Last Updated: 2024-10-22 20:30:02
Revision: 14344
IP Address
Email Address
Frequency
94.156.177.103
u-----o@g-----------l
6
94.156.177.103
f--------o@g-----------l
6
94.156.177.103
u--r@g-----------l
6
94.156.177.103
c-o@g-----------l
4
94.156.177.12
f--------o@g-----------l
4
183.167.33.123
i--o@i--------------m
3
94.156.177.103
c--o@g-----------l
3
94.156.177.103
o----e@g-----------l
3
94.156.177.103
a-----------r@g-----------l
3
94.156.177.103
a-----t@g-----------l
3
94.156.177.103
c-o@g-----------l
3
94.156.177.103
a--------t@g-----------l
3
94.156.177.103
p--------r@g-----------l
3
94.156.177.103
a---n@g-----------l
3
94.156.177.103
f-------l@g-----------l
3
94.156.177.103
i-------s@g-----------l
3
94.156.177.103
g---t@g-----------l
3
94.156.177.103
ap@g-----------l
3
94.156.177.103
a--n@g-----------l
3
94.156.177.103
a-------s@g-----------l
3
94.156.177.103
t--t@g-----------l
3
94.156.177.103
i--o@g-----------l
3
94.156.177.103
m------z@g-----------l
3
94.156.177.103
m-----l@g-----------l
3
94.156.177.103
m-----r@g-----------l
3
94.156.177.103
m----r@g-----------l
3
94.156.177.103
s----m@g-----------l
3
94.156.177.103
t---1@g-----------l
3
94.156.177.103
t--p@g-----------l
3
94.156.177.103
f-p@g-----------l
3
94.156.177.103
pi@g-----------l
3
94.156.177.103
p----t@g-----------l
3
94.156.177.103
p----a@g-----------l
3
94.156.177.103
a---s@g-----------l
3
94.156.177.103
d--o@g-----------l
3
94.156.177.103
d---y@g-----------l
3
94.156.177.12
u-----o@g-----------l
3
103.201.135.97
b---e@a-------l
2
136.158.122.125
b---e@a-------l
2
154.39.0.103
h-----------a@m-------m
2
177.93.38.137
b---e@a-------l
2
94.156.177.12
g---t@g-----------l
2
94.156.177.12
ap@g-----------l
2
94.156.177.12
a--n@g-----------l
2
94.156.177.12
a-------s@g-----------l
2
94.156.177.12
t--t@g-----------l
2
94.156.177.12
i--o@g-----------l
2
94.156.177.12
m------z@g-----------l
2
94.156.177.12
u--r@g-----------l
2
101.13.4.76
j-----m@a-------l
1
103.109.44.163
g---------r@a-------l
1
103.58.67.218
n-----w@m-------m
1
103.65.41.205
j-----m@a-------l
1
109.194.102.59
b---e@a-------l
1
110.25.103.101
w-----e@a-------l
1
110.25.104.101
g---------r@a-------l
1
110.25.104.192
n-----w@m-------m
1
113.193.240.194
g---------r@a-------l
1
113.193.240.74
g---------r@a-------l
1
113.200.72.158
j-----m@a-------l
1
114.216.5.134
j-----m@a-------l
1
114.242.61.35
b---e@i--------------m
1
116.197.232.122
w-----e@a-------l
1
117.250.118.250
j-----m@a-------l
1
118.200.34.234
g---------r@a-------l
1
118.36.86.36
b---e@a-------l
1
119.207.7.99
b---e@i--------------m
1
120.157.236.189
n-----l@m-------m
1
120.234.188.85
w-----e@a-------l
1
121.7.26.195
n-----l@m-------m
1
124.40.48.69
b---e@i--------------m
1
128.106.161.201
n-c@g------g
1
128.199.202.11
w-----e@a-------l
1
137.27.32.70
a--e@g------g
1
14.202.213.211
b---e@a-------l
1
14.43.137.90
g---------r@a-------l
1
14.49.180.201
b---e@i--------------m
1
151.247.13.160
j-----m@a-------l
1
154.216.18.56
b---e@a-------l
1
177.5.229.122
g---------r@a-------l
1
179.185.227.77
a--e@g------g
1
180.213.2.186
b---e@i--------------m
1
182.42.113.10
o----------e@g------g
1
183.17.125.226
n-----l@m-------m
1
183.220.241.197
w-----e@a-------l
1
185.218.106.114
b---e@a-------l
1
186.122.240.132
g---------r@a-------l
1
186.247.196.106
w-----e@a-------l
1
187.76.174.254
g---------r@a-------l
1
187.76.174.254
j-----m@a-------l
1
187.93.153.166
n-----w@m-------m
1
188.153.235.178
g---------r@a-------l
1
188.187.62.248
b---e@i--------------m
1
188.192.148.167
o----------e@g------g
1
189.113.10.204
t--o@m-------m
1
193.106.153.104
n-----w@m-------m
1
193.86.236.96
g---------r@a-------l
1
197.156.115.37
b---e@i--------------m
1
2.38.252.44
b---e@a-------l
1
2.47.215.126
n-----w@m-------m
1
2.97.144.117
g---------r@a-------l
1
208.59.61.100
n-c@g------g
1
210.245.95.11
b---e@a-------l
1
211.179.252.231
o----------e@g------g
1
211.43.107.179
j-----m@a-------l
1
213.135.69.2
b---e@i--------------m
1
220.164.40.207
n-----l@m-------m
1
221.10.195.198
j-----m@a-------l
1
221.153.177.192
w-----e@a-------l
1
222.119.124.66
o----------e@g------g
1
24.50.230.82
g---------r@a-------l
1
37.117.115.29
a--e@g------g
1
37.18.38.193
n-----l@m-------m
1
45.4.143.10
o----------e@g------g
1
46.138.247.195
a--e@g------g
1
47.206.95.195
b---e@a-------l
1
5.30.191.129
w-----e@a-------l
1
5.95.132.148
w-----e@a-------l
1
58.169.5.68
n-----w@m-------m
1
58.229.51.206
o----------e@g------g
1
58.246.9.146
g---------r@a-------l
1
59.1.75.149
o----------e@g------g
1
59.8.23.171
o----------e@g------g
1
72.133.96.28
n-c@g------g
1
76.136.164.157
j-----m@a-------l
1
76.77.23.11
o----------e@g------g
1
79.153.166.10
o----------e@g------g
1
81.225.89.235
n-----w@m-------m
1
82.127.242.250
n-----w@m-------m
1
82.193.122.91
n-----w@m-------m
1
88.210.24.170
n-----l@m-------m
1
89.169.52.77
n-c@g------g
1
93.144.103.50
b---e@a-------l
1
93.155.242.87
b---e@i--------------m
1
94.156.177.12
m-----l@g-----------l
1
94.156.177.12
m-----r@g-----------l
1
94.156.177.12
m----r@g-----------l
1
94.156.177.12
s----m@g-----------l
1
94.156.177.12
t---1@g-----------l
1
94.156.177.12
t--p@g-----------l
1
94.156.177.12
f-p@g-----------l
1
94.156.177.12
pi@g-----------l
1
94.156.177.12
p----t@g-----------l
1
94.156.177.12
p----a@g-----------l
1
94.156.177.12
a---s@g-----------l
1
94.156.177.12
d--o@g-----------l
1
94.156.177.12
d---y@g-----------l
1
94.156.177.12
c-o@g-----------l
1
94.156.177.12
c--o@g-----------l
1
94.156.177.12
o----e@g-----------l
1
94.156.177.12
a-----------r@g-----------l
1
94.156.177.12
a-----t@g-----------l
1
94.156.177.12
c-o@g-----------l
1
94.156.177.12
a--------t@g-----------l
1
94.156.177.12
p--------r@g-----------l
1
94.156.177.12
a---n@g-----------l
1
94.156.177.12
f-------l@g-----------l
1
94.156.177.12
i-------s@g-----------l
1
94.204.68.44
n-----l@m-------m
1
95.28.134.117
w-----e@a-------l
1
96.79.249.93
g---------r@a-------l
1
98.57.97.40
n-----l@m-------m
1
Notes
Please note: this server has been operational since 2019, and the permanent block list contains many IP addresses which are excluded from the list below. The frequency won't increase significantly either, as Fail2Ban is active on this server (offending IPs will eventually be blocked, with repeat offenders facing even longer blocks).
Formats
The list is available in these formats: HTML, plain text and markdown.
Script
Interested in the script? Click here to download it in gz format. Use at your own risk. The software is provided "as is" and the author disclaims all warranties with regard to this software including all implied warranties of merchantability and fitness. In no event shall the author be liable for any special, direct, indirect, or consequential damages or any damages whatsoever resulting from loss of use, data, or profits, whether in an action of contract, negligence, or other tortious action, arising out of or in connection with the use or performance of this software. You can find the license here.