Chinese Hackers

· klm's blog


Original post is here: eklausmeier.goip.de

I have been running fail2ban since November 2017, and all unsuccessful attempts to log in to sshd are monitored. Breaking down these attempts by country shows that Chinese IP addresses come first.

The numbers are:

27639     China
13589     United States
8641      France
3985      India
3418      Korea
3217      Brazil
2940      Canada
2419      Germany
2157      Russian Federation
1988      Indonesia

[Figure: fail2ban breakdown by country]

The distribution of total attacks per month is as depicted below:

[Figure: ipBlockPerMonth]

Getting total attacks per month is done with:

sqlite3 -csv fail200117 "select strftime('%Y-%m',datetime(timeofban,'unixepoch','localtime')) year_month, count(*) from bans group by year_month order by year_month" > ipBlockPerMonth

File fail200117 is a copy of /var/lib/fail2ban/fail2ban.sqlite3. The numbers are:

2017-11,4
2017-12,1
2018-01,1
2018-03,4
2018-05,1
2018-06,1
2018-07,1
2018-08,67
2018-09,63
2018-10,84
2018-11,64
2018-12,841
2019-01,4661
2019-02,7611
2019-03,17664
2019-04,13785
2019-05,4507
2019-06,2194
2019-07,1411
2019-08,4442
2019-09,5831
2019-10,8460
2019-11,10635
2019-12,6539
2020-01,9821

Getting numbers grouped by country works as follows: Collect the IP addresses together with their frequency in file ipCnt. Then run all distinct IP addresses through geoiplookup. Then use the paste command to merge the files together.

sqlite3 -csv fail200117 "select ip, count(*) from bans group by ip order by ip" > ipCnt
sqlite3 -csv fail200117 "select distinct ip from bans order by ip" | while read -r i; do geoiplookup "$i"; done > ipGeo
paste -d, ipCnt ipGeo > ipCntGeo

File ipCntGeo looks like this:

1.0.192.181,2,GeoIP Country Edition: TH, Thailand
1.0.241.132,2,GeoIP Country Edition: TH, Thailand
1.1.215.230,2,GeoIP Country Edition: TH, Thailand
1.10.214.216,2,GeoIP Country Edition: TH, Thailand
1.100.179.187,2,GeoIP Country Edition: KR, Korea, Republic of
1.100.182.91,2,GeoIP Country Edition: KR, Korea, Republic of
1.100.90.127,2,GeoIP Country Edition: KR, Korea, Republic of
1.101.49.57,2,GeoIP Country Edition: KR, Korea, Republic of
1.109.178.70,2,GeoIP Country Edition: KR, Korea, Republic of
1.109.198.160,2,GeoIP Country Edition: KR, Korea, Republic of

Now use a simple Perl script to do the counting.

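use strict;
use warnings;

my (%H);        # country name => total number of bans
while (<>) {
        chomp;
        # Fields: ip, count, "GeoIP Country Edition: CC", " Country name"
        my @F = split(/,/);
        if ($F[2] =~ /IP Address not found/i) {
                $H{" not found"} += $F[1];
        } else {
                $H{$F[3]} += $F[1];
        }
}

# Print count and country, tab-separated (unsorted)
foreach (keys %H) {
        printf("%d\t%s\n", $H{$_}, $_);
}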

The entire list is as follows:

27639     China
13589     United States
8641      France
3985      India
3418      Korea
3217      Brazil
2940      Canada
2419      Germany
2157      Russian Federation
1988      Indonesia
1779      United Kingdom
1758      Vietnam
1748      Italy
1705      Singapore
1283      Netherlands
1099      Thailand
956       Greece
916       Colombia
914       Poland
904       Taiwan
845       Argentina
837       Mexico
797       Hong Kong
736       Spain
598       Japan
593       Ukraine
585       *not found
563       Malaysia
493       Egypt
388       Hungary
364       Chile
339       Turkey
335       South Africa
330       Australia
315       Philippines
310       Sweden
303       Belgium
277       Iran
239       Romania
232       Pakistan
226       Peru
221       Czech Republic
219       Bangladesh
213       Portugal
204       Paraguay
181       Bulgaria
169       Ecuador
168       Ireland
162       Austria
160       Kazakhstan
128       Venezuela
126       Bolivia
114       Dominican Republic
113       Switzerland
113       Slovakia
112       Nepal
108       Morocco
106       Norway
98        Nigeria
97        Israel
97        Denmark
94        Lithuania
93        United Arab Emirates
89        Kenya
88        Belarus
87        Tunisia
86        Latvia
86        Azerbaijan
84        Uganda
69        Serbia
67        Finland
65        Mauritius
64        Slovenia
63        Asia/Pacific Region
62        Cambodia
61        Senegal
60        Cameroon
59        Ethiopia
58        Uruguay
58        Sri Lanka
54        Zimbabwe
54        Uzbekistan
54        Algeria
53        Mongolia
51        Luxembourg
45        Croatia
44        Lao People's Democratic Republic
43        Armenia
42        Guatemala
41        Iraq
39        Botswana
38        Tanzania
38        Ghana
38        Europe
38        Barbados
37        Panama
34        Saudi Arabia
34        Palestinian Territory
32        Kyrgyzstan
30        New Zealand
29        Costa Rica
28        Macau
26        Qatar
24        Myanmar
24        Lebanon
23        New Caledonia
23        Moldova
23        Jordan
23        Cote D'Ivoire
19        Syrian Arab Republic
19        Albania
18        Malawi
17        Zambia
17        Kuwait
17        Georgia
17        Bosnia and Herzegovina
16        Sudan
16        Oman
16        Mozambique
16        Gabon
16        Bahamas
15        Estonia
14        Cayman Islands
14        Benin
13        Montenegro
12        Virgin Islands
12        Angola
11        Mali
11        Libya
11        Congo
10        Martinique
9         Saint Barthelemy
9         Reunion
9         Monaco
9         Haiti
9         El Salvador
8         Togo
8         Seychelles
8         Rwanda
8         Puerto Rico
8         Macedonia
8         Jamaica
8         Bahrain
7         Trinidad and Tobago
7         Madagascar
7         Grenada
7         Fiji
7         Brunei Darussalam
6         Suriname
6         Saint Kitts and Nevis
6         Niger
6         Iceland
6         Antigua and Barbuda
5         Yemen
5         Namibia
5         Djibouti
4         Nicaragua
4         Malta
4         Burkina Faso
3         Liberia
3         Jersey
3         Honduras
3         Dominica
3         Cyprus
3         Belize
3         Afghanistan
2         Tajikistan
2         Mauritania
2         Maldives
2         Lesotho
2         Guernsey
2         Guadeloupe
2         Curacao
2         Cape Verde
2         Burundi
2         Bhutan
1         Saint Lucia
1         Papua New Guinea
1         Isle of Man
1         Guyana
1         Cuba
1         Chad
1         Aruba
1         Andorra
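An added example, not part of the original post: the counting step redone in shell with awk, splitting only on the first two commas so that names such as "Korea, Republic of" stay whole (the Perl script's comma split shortens that to "Korea"), and sorting by count. The function names and the sample lines are constructed for illustration; the IP addresses come from documentation ranges.

```shell
#!/bin/sh
# Constructed sample in the ipCntGeo format shown above.
sample_ipcntgeo() {
cat <<'EOF'
192.0.2.10,2,GeoIP Country Edition: TH, Thailand
192.0.2.11,5,GeoIP Country Edition: KR, Korea, Republic of
198.51.100.7,3,GeoIP Country Edition: KR, Korea, Republic of
203.0.113.9,4,GeoIP Country Edition: IP Address not found
203.0.113.20,1,GeoIP Country Edition: TH, Thailand
EOF
}

# Sum ban counts per country from ipCntGeo lines on stdin and print
# "count<TAB>country", highest count first.
count_by_country() {
    awk '
    {
        # Layout: ip,count,<geoiplookup output>. Only the first two
        # commas are separators; later ones belong to the country name.
        c1 = index($0, ",")
        rest = substr($0, c1 + 1)
        c2 = index(rest, ",")
        cnt = substr(rest, 1, c2 - 1)
        geo = substr(rest, c2 + 1)
        # Skip lines without two separators or a numeric count.
        if (c1 == 0 || c2 == 0 || cnt !~ /^[0-9]+$/) { bad++; next }
        sub(/^GeoIP Country Edition: /, "", geo)
        if (geo ~ /IP Address not found/) {
            name = "*not found"
        } else {
            # geo is now "CC, Full name"; drop the two-character code.
            name = geo
            sub(/^[A-Z0-9][A-Z0-9], */, "", name)
        }
        sum[name] += cnt
    }
    END {
        for (n in sum) printf "%d\t%s\n", sum[n], n
        if (bad) printf "skipped %d malformed line(s)\n", bad > "/dev/stderr"
    }' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2
}

sample_ipcntgeo | count_by_country
```

Against the real data it would be run as `count_by_country < ipCntGeo`.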

Added 05-Mar-2024: I added a version for 2024: Chinese Hackers #2. TLDR: China is still number one.