CHINA RAILWAY TELECOMMUNICATIONS CENTER
May 17th, 2006 by Jason
Since I moved the server on Sunday, I’ve (for the first time in a long time) been reading the ‘server activity’ email that gets sent to me every morning.
Was surprised to see 752 illegal logon attempts from ‘61.235.97.166’.
Did a reverse-lookup on the IP address and it’s registered to ‘China Railway Telecommunications Center’. Nice.
Oye. 752 attempts? I’m flattered.
Hmmmm well aren’t you special. Are you actually a communist and didn’t tell anyone??? Time to add that IP to the block list on the firewall, huh?
Even better, what I need is a script that will look at /var/log/messages, note any IP address that fucks up more than 5 logons, and then automatically throw that IP address into iptables (the built-in Linux firewall), blocking it, of course.
Give BFD (Brute Force Detection) a try:
http://www.rfxnetworks.com/bfd.php
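The script asked for in the comments above (count failed logons per source IP, block anything with more than 5), sketched as an added example; it is not part of the original post and not BFD's code. It assumes OpenSSH-style "Failed password" lines in the log, and the sample lines, addresses and the `allow` parameter are constructed for illustration. It returns iptables argument lists instead of running them, and takes the address from the end of the line because the username field is chosen by the client.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 5  # block an address with MORE than 5 failed logons

# Assumed format: OpenSSH "Failed password" syslog lines. The greedy ".*" plus
# the "$" anchor means only the final "from <ip> port <n>" is trusted, so a
# username containing a fake "from 1.2.3.4 port 22 ssh2" cannot pick the target.
FAILED = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+(?: ssh\d?)?$"
)

def failed_logons(lines):
    """Count failed logons per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            continue  # not a literal IP address: never hand it to the firewall
    return counts

def block_commands(counts, threshold=THRESHOLD, allow=()):
    """Return iptables argv lists for addresses over the threshold."""
    allowed = [ipaddress.ip_network(n) for n in allow]  # e.g. your own network
    cmds = []
    for ip, n in sorted(counts.items()):
        addr = ipaddress.ip_address(ip)
        if n <= threshold or any(addr in net for net in allowed):
            continue
        tool = "iptables" if addr.version == 4 else "ip6tables"
        cmds.append([tool, "-I", "INPUT", "-s", ip, "-j", "DROP"])
    return cmds

def _line(user, ip):  # builds one constructed sample log line
    return (f"May 17 04:12:01 host sshd[4242]: Failed password for "
            f"invalid user {user} from {ip} port 40022 ssh2")

SAMPLE_LOG = (  # constructed input; addresses are documentation ranges
    [_line("admin", "203.0.113.7")] * 5
    + [_line("x from 192.0.2.1 port 22 ssh2", "203.0.113.7")]  # forged username
    + [_line("root", "198.51.100.9")] * 5
    + ["May 17 04:13:00 host kernel: unrelated message"]
)

if __name__ == "__main__":
    for argv in block_commands(failed_logons(SAMPLE_LOG)):
        print(" ".join(argv))  # pass argv to subprocess.run(argv) to apply
```

Passing your own management addresses in `allow` keeps a few mistyped passwords from locking you out of the server.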
