Home
This is a project that was born out of necessity to combat port scanning and forced entry attempts on VMs. We would have our auth.log files filled with spammed attempts, ranging from trying default username and password combinations, with usernames such as docker and pi, to spamming the user root with passwords trying to gain entry. After the initial amusement wore off, it got a bit tedious and annoying.
As such, I created the first iteration of this project. It combined scanning through the auth.log with the public API at ipinfo.io and a bit of local storage using Python's pickle module.
However, later on, I realised that this was very inefficient and resource costly. As such, I came up with the second iteration of this project, which combines Docker, Postgres and Python3 with the help of a few modules.
In this new format, I have a main server which acts as a middleman with the API at ipinfo to help reduce rate limit opportunities, improve response time and give me a more heavily customised API that I can alter as I need to. Now I can process 700 IPs in 1.4 seconds with just one POST request, as compared to the much higher time it would take me to send 700 GET requests to ipinfo.io. This is especially evident when ipinfo's API does not support bulk requests, as seen here; in their own words, "Our API only supports lookup for a single IP address at a time", which is exactly what I need to do.
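The client side of the flow described above, as an added example that is not this project's own code: it pulls failed SSH logins out of auth.log text, deduplicates the source IPs, and builds the body for a single bulk POST. The log lines are constructed samples, and the function names and the `{"ips": [...]}` schema are assumptions, since the page does not show the middleman server's API.

```python
import ipaddress
import json
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH auth.log format
# (addresses are from the documentation ranges).
SAMPLE_AUTH_LOG = """\
Mar  3 04:12:01 vm1 sshd[2211]: Failed password for invalid user pi from 203.0.113.7 port 51122 ssh2
Mar  3 04:12:03 vm1 sshd[2211]: Failed password for invalid user docker from 203.0.113.7 port 51130 ssh2
Mar  3 04:12:09 vm1 sshd[2215]: Failed password for root from 198.51.100.23 port 40022 ssh2
Mar  3 04:12:11 vm1 sshd[2215]: Failed password for root from 198.51.100.23 port 40031 ssh2
Mar  3 04:13:40 vm1 sshd[2230]: Accepted publickey for admin from 192.0.2.10 port 50500 ssh2
Mar  3 04:14:02 vm1 sshd[2241]: Failed password for invalid user test from not-an-ip port 1 ssh2
"""

# Matches both "for root from ..." and "for invalid user pi from ...".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def failed_attempts(log_text):
    """Map each source IP to the set of usernames it failed to log in as."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # hostname or garbage in the address field
        seen[ip].add(m.group("user"))
    return dict(seen)

def bulk_lookup_body(attempts):
    """One JSON body for all unique IPs (hypothetical schema, see lead-in)."""
    return json.dumps({"ips": sorted(attempts)})

if __name__ == "__main__":
    attempts = failed_attempts(SAMPLE_AUTH_LOG)
    for ip, users in sorted(attempts.items()):
        print(ip, sorted(users))
    print(bulk_lookup_body(attempts))
```

Four failed-login lines from two hosts collapse into two IPs in one request body, which is where the saving over one GET per IP comes from.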