The IP list of SSH/RDP brute-force attackers is created from a merge of locally observed IPs and 2-hour-old IPs registered at badip.com and blocklist.de.
Our local IPs are farmed from the LCSR central syslog server. BadIP.com and blocklist.de are abuse trackers: community-based IP blacklist services that source their data systematically from people around the world. The data exclude Rutgers public and private IPs.
If there are no further incoming attacks, automatic delisting occurs as follows:
- Once listed, it will take about 48 hours to be delisted.
- If your attack count is over 10,000, you won't get delisted for 2 weeks.
- If you are a Rutgers user and must use our resources, you must now use the University VPN.
What to do?
To protect your Linux machines from being attacked, download, save and run the script every 5 minutes via cron.
This script adds an LCSRDrop chain to your iptables configuration so that it does not interfere with your existing iptables rules.
Example cron entry:
1-56/5 * * * * /usr/local/bin/lcsrdrop.sh > /dev/null 2>&1
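The dedicated-chain approach described above, sketched as an added example (this is not the LCSR script). It assumes a feed with one IPv4 address per line; the function names and sample feed are hypothetical, and only the chain name LCSRDrop comes from this page. Every feed line is validated before it becomes rule text, and the output names only the LCSRDrop chain, so loading it with iptables-restore --noflush leaves your other rules alone.

```sh
# Added example, not the LCSR script. Only the chain name comes from the page.
CHAIN="LCSRDrop"

# is_ipv4 ADDR: succeed only for a bare dotted quad, octets 0-255, no leading zeros.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rules: read one address per line on stdin and print an iptables-restore
# ruleset naming only $CHAIN. Lines that are not plain IPv4 are dropped.
build_rules() {
    printf '%s\n' '*filter' ":$CHAIN - [0:0]"
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        LC_ALL=C sort -u |
        while IFS= read -r ip; do
            is_ipv4 "$ip" || continue
            printf '%s\n' "-A $CHAIN -s $ip -j DROP"
        done
    printf '%s\n' 'COMMIT'
}

# Constructed sample feed (documentation-range addresses plus malformed lines).
sample_feed() {
    cat <<'EOF'
203.0.113.7
198.51.100.23   # trailing comment
203.0.113.7
999.1.1.1
192.0.2.5; reboot
192.0.2.9 -j ACCEPT
0.0.0.0/0
EOF
}

# Applying it (as root) would look like:
#   build_rules < feed.txt | iptables-restore --noflush
#   iptables -C INPUT -j LCSRDrop 2>/dev/null || iptables -I INPUT -j LCSRDrop
sample_feed | build_rules
```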
Contributing to this project
If you would like to get your machine stats on this page and/or you want to contribute to the log, simply add the following syslog entry to your syslog.conf file and restart your syslogd.
The more effective we get at blocking the attackers, the less data we get. Your contribution will help speed up discovery of new attacks.
*For Solaris 8, we have special code not posted here. Contact Don Watrous for the code.
This script is provided for the Rutgers community AS IS, with NO WARRANTY and LIABILITY implied whatsoever. Use at your own risk or benefit.