Hacker News new | past | comments | ask | show | jobs | submit login

That's so interesting. I built literally the exact same thing the other weekend.

I took all of the data and fed it into a database, then built a web interface so I could see the data better.

It's looking like this:

https://i.imgur.com/8G9GAUp.png

Lots more activity from France than I would have expected compared to other countries. Also lots more people using Amazon's infrastructure to scan the internet than I would have imagined.

Other than that it's about what you'd expect.

So far I don't find this to be overly practical because with the amount of IP addresses in the filter, the firewall takes forever to reload. (firewalld)




You can use ipset to block them. It's hash based and efficient.

http://ipset.netfilter.org/

http://mikhailian.mova.org/node/194


>Lots more activity from France than I would have expected compared to other countries

My guess would be the all the cheap server providers there eg. ovh, online.net/scaleway,


Awesome, that really looks nice! I'm hoping to build some sort of auto-generated HTML page on my site just for fun. Yours looks great.


Funny, because the first thing I thought was how frustrating it was to read. The %s are not sorted by size in the pie chart, and they're not labelled other than by colour, so you can't read the % for each country.

The attempts per hour seems to cover more than 24 hours, but the dates aren't labelled. An aggregate chart bucketed by hour of day would be more interesting, since the actual rate is quite low and has a lot of variance - at this zoom level, it's basically noise.

I agree it looks pretty, though I'd take a table with some bar chart columns.


The charts are interactive, you can hover each slice to get names and percentages, or each name to find it on the chart.

I found it wasn't really worth doing more with the chart, since its purpose was really just comparing the largest offenders.

Regarding the time frames, the buttons in the top right allow choosing the time frame. today, yesterday, 48 hours, week, month, year.

I also slapped this together in half a day.. there is plenty of room for improvement, and more charts and options could easily be added.

I didn't take this very far because this was not my goal, it was just a quick idea to allow me to block others from being able to query my server while still allowing me access from anywhere in the world. The visualizations were just for fun.


I made just this for my pet project https://rankfirst.me/ipban.html I'm using ipban and ipgeo.


Mmmm... I'm a bit surprised by France: 3rd country but... first french town is 29th (Lyon, only the 3rd city of the country) and no french subdivision in the top 40 ?????

Maybe some cross-checking would be welcomed, because it doesn't seem really consistent. Any explaination ?


probably because of ovh

but be warned that such attribution attempts are utterly useless in the end.


Hey, Would you mind to share the code? Would really appreciate it!


I can give you the basics.

Parse your log files. If condition met, insert a line into your database.

Add extra details with a reverse DNS lookup, and IP location check.

I'm using: https://www.geoplugin.com/ at the moment, but feel like there are probably better alternatives.

I then move the data to another log file with a similar name and date so it doesn't get parsed twice, but I keep the data.

Then just make a page to pull the data out of the database.

This is probably what you are looking for:

https://developers.google.com/chart/interactive/docs/gallery

Just do a loop and feed the values into the chart data.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: