About

02/01/2016

This site is centered around a tail of my modified ssh auth log. I used the PAM library lib-storepw to capture password attempts and rewrote it slightly to customize the output.

This project was inspired after a few things, the first being this and it's cool use of d3js. I specifically wanted to test if the number of attacks on a given internet connected device were as high as ipviking was showing. The second reason I decided to do this small project was to see where the bulk of attacks were coming from, and low and behold, like the news plastered all over the internet says, China is definitely one of them (or at least, the last IP in the chain reveals this). Thirdly, I wanted to build a big password list without having to lift a finger. I will go on to use this as a password blacklist for sign up services that I build in the future. Among these, with data I have collected, I have compiled a list of naughty hosts (I have had one particular host attack me over 150000+ times) and can analyze what time of day attacks occur the most.

One of the easiest attack vectors to monitor was ssh I figured, so I spun up a droplet on DO, left root as the default user, and became available to attack on port 22 on December 9th, 2015.

You too can attack me here:

ssh root@livesshattack.net

Thanks to this and this.
About me here and a project of mine in development here.