Interesting findings on ssh fail2ban

As this is my private VPS, it is super annoying to see people attempting to try to ssh into my server.

I am currently using fail2ban to filter out IPs that are attempting to ssh into my server multiple times and have them permabanned.

It’s been one month since it was implemented and these are the current statistics.

It is interesting to see China being the main source of banned IPs.

Maybe they are being too aggressive and keep on triggering my ban rules?

Still there are plenty of other countries being banned too.

Banned IP country status
Total IP banned: 126
1 GeoIP Country Edition: A1, Anonymous Proxy
2 GeoIP Country Edition: CA, Canada
1 GeoIP Country Edition: CH, Switzerland
57 GeoIP Country Edition: CN, China
1 GeoIP Country Edition: CO, Colombia
1 GeoIP Country Edition: CZ, Czech Republic
4 GeoIP Country Edition: DE, Germany
1 GeoIP Country Edition: DO, Dominican Republic
4 GeoIP Country Edition: GB, United Kingdom
1 GeoIP Country Edition: HK, Hong Kong
1 GeoIP Country Edition: ID, Indonesia
4 GeoIP Country Edition: IN, India
5 GeoIP Country Edition: IP Address not found
2 GeoIP Country Edition: IT, Italy
1 GeoIP Country Edition: JP, Japan
5 GeoIP Country Edition: KR, Korea, Republic of
1 GeoIP Country Edition: NI, Nicaragua
5 GeoIP Country Edition: NL, Netherlands
1 GeoIP Country Edition: PE, Peru
1 GeoIP Country Edition: PK, Pakistan
1 GeoIP Country Edition: RO, Romania
3 GeoIP Country Edition: RU, Russian Federation
1 GeoIP Country Edition: SE, Sweden
3 GeoIP Country Edition: TH, Thailand
1 GeoIP Country Edition: TR, Turkey
2 GeoIP Country Edition: TW, Taiwan
2 GeoIP Country Edition: UA, Ukraine
11 GeoIP Country Edition: US, United States
2 GeoIP Country Edition: VN, Vietnam
1 GeoIP Country Edition: ZA, South Africa

Sample bash script source code to get the results above

#!/bin/bash

# Get the list of IPs currently banned by the fail2ban sshd jail.
# -f2- keeps everything after the first ":" so addresses containing ":" are not cut short.
IP_LIST=$(fail2ban-client status sshd | grep Banned | cut -d":" -f2- | tr -s " \t" "\n" | sed -e '/^$/d')

# Count the IPs (grep -c . skips empty lines, so an empty ban list prints 0)
echo "Total IP banned: $(echo "$IP_LIST" | grep -c .)"

# Use geoiplookup to locate the country of each IP, then count per country
( for IP in $IP_LIST ; do geoiplookup "$IP" ; done ) | sort | uniq -c
