Recently my server experienced a heavy brute force attack, on average two requests per second. The attacker was trying to get SSH access to the server. But still, everything stayed intact. It was like a nightmare when I realised it.
In this article, I'm presenting a basic analysis of the log files, especially the top IPs, ports and usernames used in the attack.
A total of 363 IPs were used in the attack, from almost every country. Every IP was used at least twice, and the most active single IP was used 314 times.
Following are the top 5 IPs used in the attack
Following is the pie chart representing the percentage usage of IP addresses in the attack.
Continent-wise IP address data
Following are the top 5 country IP addresses used in the attack
| Rank | Country | IP addresses |
|---|---|---|
| 4 | Republic of Korea | 23 |
Country-wise IP address data
The attacker used a total of 635 usernames to brute-force the server, ranging from admin to minecraft and even 0. It seems weird when someone uses only digits in a username; trying usernames made of a single digit is funny.
Following are the top 5 usernames used in the attack
All usernames used in the attack
A total of 1238 distinct ports appear in the attack, ranging from 1088 to 65460, and each was used at least twice. The port field in sshd's log line is the client's source port, so these are the ports the attacking hosts connected from, not services listening on the server; that is why they are scattered across the ephemeral range.
Following are the top 5 ports used
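The counts above (attempts per IP, per username and per source port) can be reproduced from the sshd log with a few lines of shell. The script below is an added example, not the article's own tooling; the log lines in it are constructed to mimic the standard auth.log format and are not the author's data.

```shell
#!/bin/sh
# Added example (not the article's code): reduce sshd "Failed password" lines
# to (user, source IP, source port) tuples and rank them, the same counts the
# article reports. Feed it /var/log/auth.log, or the output of
# `journalctl _COMM=sshd --no-pager` on journald systems, on stdin.

# Constructed sample log lines in the classic syslog/auth.log shape. The "port"
# field is the client's ephemeral source port, not a port on the server.
SAMPLE_LOG='Jan 10 03:14:07 host sshd[1201]: Failed password for root from 203.0.113.5 port 51022 ssh2
Jan 10 03:14:09 host sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51030 ssh2
Jan 10 03:14:12 host sshd[1205]: Invalid user minecraft from 198.51.100.7 port 40211
Jan 10 03:14:12 host sshd[1205]: Failed password for invalid user minecraft from 198.51.100.7 port 40211 ssh2
Jan 10 03:14:15 host sshd[1207]: Failed password for invalid user 0 from 203.0.113.5 port 51044 ssh2
Jan 10 03:14:20 host sshd[1209]: Failed password for root from 192.0.2.9 port 60001 ssh2
Jan 10 03:14:22 host sshd[1211]: Accepted publickey for deploy from 192.0.2.100 port 50500 ssh2'

# Reduce each failed password attempt on stdin to "user ip port". Only the
# password-failure line is matched: key-based probes (logged as "Connection
# closed by authenticating user ...") and successful logins are left out.
failed_tuples() {
    grep 'Failed password for' |
    sed -E 's/.*Failed password for (invalid user )?([^ ]+) from ([^ ]+) port ([0-9]+).*/\2 \3 \4/'
}

# Select one column of the tuple stream: user, ip or port.
pick_field() {
    awk -v f="$1" '{ v = (f == "user") ? $1 : (f == "ip") ? $2 : $3; print v }'
}

# Top N (default 5) values of one field, printed as "count value", highest
# first, exactly as `uniq -c | sort -rn` emits them.
top_field() {
    field=$1; n=${2:-5}
    failed_tuples | pick_field "$field" | sort | uniq -c | sort -rn | head -n "$n"
}

# Number of failed password attempts on stdin (grep -c exits 1 on zero hits,
# hence the || true so the count is still printed).
count_failed() { grep -c 'Failed password for' || true; }

# Number of distinct values of one field, e.g. distinct attacking IPs.
count_unique() {
    failed_tuples | pick_field "$1" | sort -u | wc -l | tr -d ' '
}

echo "failed attempts: $(printf '%s\n' "$SAMPLE_LOG" | count_failed)"
echo "distinct IPs:    $(printf '%s\n' "$SAMPLE_LOG" | count_unique ip)"
echo "top IPs:";       printf '%s\n' "$SAMPLE_LOG" | top_field ip
echo "top usernames:"; printf '%s\n' "$SAMPLE_LOG" | top_field user
echo "top source ports:"; printf '%s\n' "$SAMPLE_LOG" | top_field port
```

Against a real server, run `failed_tuples < /var/log/auth.log` and pipe into the same helpers. The regex only covers password failures; attempts that use public keys are logged with different wording by sshd and are not counted here.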
Never use password-based authentication for SSH access; authenticate with keys instead.
Deploy a tool such as fail2ban that blocks IPs or hosts after repeated failed login attempts.
Never use common usernames such as root or admin when creating accounts. An unusual username is a cheap speed bump, not a secret: it shows up in logs, process listings and email addresses, so it is no substitute for key-based authentication and disabling root login.
Regularly analyze system logs and take the necessary actions.
Close all unused ports. Expose only the required ports to the public internet, with appropriate security measures in place.
Set up an alert system to get notified when something unusual happens on the server: a user logging in to a service, a critical service stopping, a new service starting, a change in the filesystem, etc.
Lastly, share required data with the community to help others.
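The first and third recommendations are easy to state and easy to get subtly wrong: a commented-out `PasswordAuthentication no` leaves the default (yes) in force, only the first occurrence of a directive counts, settings inside a `Match` block are conditional, and keyboard-interactive authentication through PAM can still prompt for a password even when `PasswordAuthentication` is off. The audit script below is an added example (not from the article) that checks an sshd_config read on stdin for exactly those pitfalls; the two sample configs are constructed, and the defaults it assumes for absent directives are those documented in sshd_config(5) for current OpenSSH.

```shell
#!/bin/sh
# Added example (not the article's code): audit an sshd_config, read on stdin,
# for the settings that decide whether password brute force is even possible.
# Defaults assumed for absent directives follow sshd_config(5) in current
# OpenSSH: PasswordAuthentication yes, KbdInteractiveAuthentication yes,
# PermitRootLogin prohibit-password, PubkeyAuthentication yes, MaxAuthTries 6.

# Effective value of one directive. sshd uses the FIRST occurrence of a keyword
# and ignores later ones, keywords are case-insensitive, "Keyword=value" is
# accepted, and everything after the first "Match" line is conditional, so the
# scan stops there. $1 = keyword, $2 = default if the keyword never appears.
effective_value() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        { gsub(/=/, " "); $0 = $0 }            # normalise Keyword=value
        tolower($1) == "match" { exit }        # conditional block: stop here
        tolower($1) == key && !found { found = 1; val = $2 }
        END { print (found ? val : def) }'
}

# Run the checks, print PASS/FAIL per directive and return the number of
# failures (0 means sshd itself will not accept a password from the network).
audit_sshd_config() {
    cfg=$(cat)
    fails=0
    check() {   # $1 keyword, $2 default, $3 acceptable value(s) as a regex
        v=$(printf '%s\n' "$cfg" | effective_value "$1" "$2")
        if printf '%s' "$v" | grep -Eqix "$3"; then
            echo "PASS $1 = $v"
        else
            echo "FAIL $1 = $v (want $3)"
            fails=$((fails + 1))
        fi
    }
    check PasswordAuthentication yes no
    # With UsePAM, keyboard-interactive auth still prompts for a password even
    # when PasswordAuthentication is off, so it must be disabled as well. The
    # legacy spelling ChallengeResponseAuthentication is an alias for the same
    # setting and therefore supplies the default for the current keyword.
    kbd_default=$(printf '%s\n' "$cfg" | effective_value ChallengeResponseAuthentication yes)
    check KbdInteractiveAuthentication "$kbd_default" no
    check PermitRootLogin prohibit-password no
    check PubkeyAuthentication yes yes
    check MaxAuthTries 6 '[1-3]'
    return "$fails"
}

# Constructed sample: looks hardened at a glance but is not. The first
# PermitRootLogin wins over the later "no", the commented-out
# PasswordAuthentication leaves the default yes in force, and the "no" inside
# the Match block applies only to user deploy.
WEAK_CONFIG='Port 22
PermitRootLogin yes
#PasswordAuthentication no
MaxAuthTries 6
PermitRootLogin no
Match User deploy
    PasswordAuthentication no'

# Constructed sample of a configuration that passes every check.
HARDENED_CONFIG='Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
MaxAuthTries 3
AllowUsers deploy'

run_demo() {   # $1 label, $2 config text
    echo "== $1"
    if printf '%s\n' "$2" | audit_sshd_config; then
        echo "-> passes"
    else
        echo "-> $? failing checks"
    fi
}
run_demo weak "$WEAK_CONFIG"
run_demo hardened "$HARDENED_CONFIG"
```

Run it as `audit_sshd_config < /etc/ssh/sshd_config`, or better against `sshd -T` output, which prints the effective configuration with defaults and includes resolved. Whatever the file says, the change only takes effect once sshd has been reloaded.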
Download all data from here!
All data is for information purpose only. Website admin or owner is not responsible for illegal or mis-use of data.
Have anything to add or need help, just ping
Remember "Sharing is Caring"