A lot of our first blog posts will be more or less off-topic, as we choose not to disclose too much information just yet. I really wanted to share this info with people of the more technical community, but I’m pretty sure that if one reads over the technical terminology, he will enjoy it too.
I was quite amused logging in […] seeing about 400 failed log in attempts
Apparently, renting a virtual private server via DigitalOcean can’t pass by without having several thousand attacks on a daily basis.
This server is running since the last day of September of 2014, which is eleven days ago at the time of writing. Since that day we had 34812 (!) failed log in attempts on the server, of which 94% on the administrative (root) user.
I was quite amused logging in the first of October, the second day using the server, seeing about 400 failed log in attempts. I started writing some scripts for reading out the security log (/var/log/secure on CentOS 7) and recently published the result. The log was almost 8 MB in size yesterday, which is about the fastest growing log file I’ve ever seen.
The scripts reads the security log every hour and puts it in a database (MariaDB), then parses the lines using PHP. It’s probably not the most secure approach of doing things, but it works. After reading, the file is automatically moved and compressed. The 8 MB log now takes a little over 300 KB on disk.
I choose to put it online because it is interesting. As it’s updated automatically every hour, I decided to implement some basic charts which generate automatically too. I hope someone enjoys watching the page as much as I do.