Klik hier voor informatie over de wijziging in de levering van diensten en ondersteuning.

Stats

Het bijhouden van statistieken op basis van logbestanden van servers is zeer nuttig. Een voorbeeld hiervan is het registreren van de frequentie van pogingen per IP-adres over een bepaalde periode op een Linux-server. Dit kan waardevolle inzichten bieden in verdacht verkeer.

Hostingservers worden regelmatig aangevallen. Een veelgebruikte tactiek is brute force-aanvallen, waarbij geprobeerd wordt wachtwoorden te raden. Hieronder staat de uitvoer van een Python-script waarmee wordt bijgehouden vanaf welke IP-adressen pogingen worden ondernomen om wachtwoorden te raden met als doel Postfix op deze server.

Postfix Auth Fails

The following output has been generated by my postfix_failed_logins_thm.py script. This script runs every 15 minutes (cron), starting from May 26, 2024, at 16:45.

Last Updated: 2024-10-22 20:30:02
Revision: 14344

IP Address Email Address Frequency
94.156.177.103 u-----o@g-----------l 6
94.156.177.103 f--------o@g-----------l 6
94.156.177.103 u--r@g-----------l 6
94.156.177.103 c-o@g-----------l 4
94.156.177.12 f--------o@g-----------l 4
183.167.33.123 i--o@i--------------m 3
94.156.177.103 c--o@g-----------l 3
94.156.177.103 o----e@g-----------l 3
94.156.177.103 a-----------r@g-----------l 3
94.156.177.103 a-----t@g-----------l 3
94.156.177.103 c-o@g-----------l 3
94.156.177.103 a--------t@g-----------l 3
94.156.177.103 p--------r@g-----------l 3
94.156.177.103 a---n@g-----------l 3
94.156.177.103 f-------l@g-----------l 3
94.156.177.103 i-------s@g-----------l 3
94.156.177.103 g---t@g-----------l 3
94.156.177.103 ap@g-----------l 3
94.156.177.103 a--n@g-----------l 3
94.156.177.103 a-------s@g-----------l 3
94.156.177.103 t--t@g-----------l 3
94.156.177.103 i--o@g-----------l 3
94.156.177.103 m------z@g-----------l 3
94.156.177.103 m-----l@g-----------l 3
94.156.177.103 m-----r@g-----------l 3
94.156.177.103 m----r@g-----------l 3
94.156.177.103 s----m@g-----------l 3
94.156.177.103 t---1@g-----------l 3
94.156.177.103 t--p@g-----------l 3
94.156.177.103 f-p@g-----------l 3
94.156.177.103 pi@g-----------l 3
94.156.177.103 p----t@g-----------l 3
94.156.177.103 p----a@g-----------l 3
94.156.177.103 a---s@g-----------l 3
94.156.177.103 d--o@g-----------l 3
94.156.177.103 d---y@g-----------l 3
94.156.177.12 u-----o@g-----------l 3
103.201.135.97 b---e@a-------l 2
136.158.122.125 b---e@a-------l 2
154.39.0.103 h-----------a@m-------m 2
177.93.38.137 b---e@a-------l 2
94.156.177.12 g---t@g-----------l 2
94.156.177.12 ap@g-----------l 2
94.156.177.12 a--n@g-----------l 2
94.156.177.12 a-------s@g-----------l 2
94.156.177.12 t--t@g-----------l 2
94.156.177.12 i--o@g-----------l 2
94.156.177.12 m------z@g-----------l 2
94.156.177.12 u--r@g-----------l 2
101.13.4.76 j-----m@a-------l 1
103.109.44.163 g---------r@a-------l 1
103.58.67.218 n-----w@m-------m 1
103.65.41.205 j-----m@a-------l 1
109.194.102.59 b---e@a-------l 1
110.25.103.101 w-----e@a-------l 1
110.25.104.101 g---------r@a-------l 1
110.25.104.192 n-----w@m-------m 1
113.193.240.194 g---------r@a-------l 1
113.193.240.74 g---------r@a-------l 1
113.200.72.158 j-----m@a-------l 1
114.216.5.134 j-----m@a-------l 1
114.242.61.35 b---e@i--------------m 1
116.197.232.122 w-----e@a-------l 1
117.250.118.250 j-----m@a-------l 1
118.200.34.234 g---------r@a-------l 1
118.36.86.36 b---e@a-------l 1
119.207.7.99 b---e@i--------------m 1
120.157.236.189 n-----l@m-------m 1
120.234.188.85 w-----e@a-------l 1
121.7.26.195 n-----l@m-------m 1
124.40.48.69 b---e@i--------------m 1
128.106.161.201 n-c@g------g 1
128.199.202.11 w-----e@a-------l 1
137.27.32.70 a--e@g------g 1
14.202.213.211 b---e@a-------l 1
14.43.137.90 g---------r@a-------l 1
14.49.180.201 b---e@i--------------m 1
151.247.13.160 j-----m@a-------l 1
154.216.18.56 b---e@a-------l 1
177.5.229.122 g---------r@a-------l 1
179.185.227.77 a--e@g------g 1
180.213.2.186 b---e@i--------------m 1
182.42.113.10 o----------e@g------g 1
183.17.125.226 n-----l@m-------m 1
183.220.241.197 w-----e@a-------l 1
185.218.106.114 b---e@a-------l 1
186.122.240.132 g---------r@a-------l 1
186.247.196.106 w-----e@a-------l 1
187.76.174.254 g---------r@a-------l 1
187.76.174.254 j-----m@a-------l 1
187.93.153.166 n-----w@m-------m 1
188.153.235.178 g---------r@a-------l 1
188.187.62.248 b---e@i--------------m 1
188.192.148.167 o----------e@g------g 1
189.113.10.204 t--o@m-------m 1
193.106.153.104 n-----w@m-------m 1
193.86.236.96 g---------r@a-------l 1
197.156.115.37 b---e@i--------------m 1
2.38.252.44 b---e@a-------l 1
2.47.215.126 n-----w@m-------m 1
2.97.144.117 g---------r@a-------l 1
208.59.61.100 n-c@g------g 1
210.245.95.11 b---e@a-------l 1
211.179.252.231 o----------e@g------g 1
211.43.107.179 j-----m@a-------l 1
213.135.69.2 b---e@i--------------m 1
220.164.40.207 n-----l@m-------m 1
221.10.195.198 j-----m@a-------l 1
221.153.177.192 w-----e@a-------l 1
222.119.124.66 o----------e@g------g 1
24.50.230.82 g---------r@a-------l 1
37.117.115.29 a--e@g------g 1
37.18.38.193 n-----l@m-------m 1
45.4.143.10 o----------e@g------g 1
46.138.247.195 a--e@g------g 1
47.206.95.195 b---e@a-------l 1
5.30.191.129 w-----e@a-------l 1
5.95.132.148 w-----e@a-------l 1
58.169.5.68 n-----w@m-------m 1
58.229.51.206 o----------e@g------g 1
58.246.9.146 g---------r@a-------l 1
59.1.75.149 o----------e@g------g 1
59.8.23.171 o----------e@g------g 1
72.133.96.28 n-c@g------g 1
76.136.164.157 j-----m@a-------l 1
76.77.23.11 o----------e@g------g 1
79.153.166.10 o----------e@g------g 1
81.225.89.235 n-----w@m-------m 1
82.127.242.250 n-----w@m-------m 1
82.193.122.91 n-----w@m-------m 1
88.210.24.170 n-----l@m-------m 1
89.169.52.77 n-c@g------g 1
93.144.103.50 b---e@a-------l 1
93.155.242.87 b---e@i--------------m 1
94.156.177.12 m-----l@g-----------l 1
94.156.177.12 m-----r@g-----------l 1
94.156.177.12 m----r@g-----------l 1
94.156.177.12 s----m@g-----------l 1
94.156.177.12 t---1@g-----------l 1
94.156.177.12 t--p@g-----------l 1
94.156.177.12 f-p@g-----------l 1
94.156.177.12 pi@g-----------l 1
94.156.177.12 p----t@g-----------l 1
94.156.177.12 p----a@g-----------l 1
94.156.177.12 a---s@g-----------l 1
94.156.177.12 d--o@g-----------l 1
94.156.177.12 d---y@g-----------l 1
94.156.177.12 c-o@g-----------l 1
94.156.177.12 c--o@g-----------l 1
94.156.177.12 o----e@g-----------l 1
94.156.177.12 a-----------r@g-----------l 1
94.156.177.12 a-----t@g-----------l 1
94.156.177.12 c-o@g-----------l 1
94.156.177.12 a--------t@g-----------l 1
94.156.177.12 p--------r@g-----------l 1
94.156.177.12 a---n@g-----------l 1
94.156.177.12 f-------l@g-----------l 1
94.156.177.12 i-------s@g-----------l 1
94.204.68.44 n-----l@m-------m 1
95.28.134.117 w-----e@a-------l 1
96.79.249.93 g---------r@a-------l 1
98.57.97.40 n-----l@m-------m 1

Notes

Please note: this server has been operational since 2019, and the permanent block list contains many IP addresses which are excluded from the list below. The frequency won't increase significantly either, as Fail2Ban is active on this server (offending IPs will eventually be blocked, with repeat offenders facing even longer blocks).

Formats

The list is available in these formats: HTML, plain text and markdown.

Script

Interested in the script? Click here to download it in gz format. Use at your own risk. The software is provided "as is" and the author disclaims all warranties with regard to this software including all implied warranties of merchantability and fitness. In no event shall the author be liable for any special, direct, indirect, or consequential damages or any damages whatsoever resulting from loss of use, data, or profits, whether in an action of contract, negligence, or other tortious action, arising out of or in connection with the use or performance of this software. You can find the license here.