This is neat. What VPS service do you use? I am trying to replace my tendency to spin up small EC2 instances just to deploy a simple web app.
reply
My $6.75 per year VPS was a Black Friday sale from Dedirock on https://lowendtalk.com. Some of the Black Friday sales are still being honored. The site https://cheapvpsbox.com/ has a nice search engine for cheap VPS sales.
reply
I recommend a dedicated $40 Hetzner or OVH box and just keep all your projects on that. They're pretty powerful. I was spending a lot on a bunch of $5 Linodes until recently and you have to keep them upgraded etc...
reply
How deep are your WebApps? Cloudflare Pages and Workers have a generous free tier, depending on what you're doing.
reply
Very nice! I am looking forward to many people running this. Perhaps people could add their URL in a ./contrib directory or something to that effect? I might set this up when I get back from the feed store.
reply
Nice idea. The original VPS is in Los Angeles, but I installed the app more recently on VPSs in London, Tokyo, and Amsterdam. I've been noticing some interesting regional differences, but it may just be a smaller sample of knocks for those sites so far. I'll set up that contrib directory so that we can share our dashboards. I would be interested in looking at others' dashboards to suss out patterns.
reply
Side question: which cheap VPS are you using in Los Angeles? Looking to get one in the Southern California area.
reply
My $6.75 per year VPS was a Dedirock Black Friday sale that I found on https://lowendtalk.com. https://cheapvpsbox.com/ reports several nice Los Angeles sales still going on from various providers. My London, Tokyo, and Amsterdam VPSs are holiday sales from RareCloud and Racknerd - all less than $19/year.
reply
contrib directory added!
reply
> who keeps trying to log into your computer?

I'm curious, how do you think this helps you answer the question? Proxies are incredibly easy to come by these days, rotation makes it hard to identify what's behind it all.

reply
That’s a valid point. We can easily see where the attack is coming from but not who or which botnet. Some of these can be inferred by the pattern of usernames and passwords attempted, and the ISPs. Someone suggested that I collect the client SSH signature as well, which would help. But you’re right, we don’t know who is behind the attacks.
reply
I'm guessing the SSH signatures can rotate as well. I remember someone did an analysis of rotation patterns for HTTPS requests; that's when they saw some interesting clusters.
reply
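The inference discussed in the comments above (grouping sources by the usernames and passwords they try, and recording the client SSH banner alongside) can be sketched as follows. This is an added example, not code from the project under discussion; the event layout, the sample events, the function names, and the 0.5 similarity threshold are all assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample attempts: (source_ip, client_banner, username, password).
# Documentation-range IPs; banners and credentials are made up for the demo.
EVENTS = [
    ("192.0.2.10", "SSH-2.0-libssh_0.9.6", "root", "123456"),
    ("192.0.2.10", "SSH-2.0-libssh_0.9.6", "admin", "admin"),
    ("198.51.100.7", "SSH-2.0-Go", "root", "123456"),
    ("198.51.100.7", "SSH-2.0-Go", "admin", "admin"),
    ("198.51.100.7", "SSH-2.0-Go", "pi", "raspberry"),
    ("203.0.113.5", "SSH-2.0-libssh_0.9.6", "oracle", "oracle"),
    ("203.0.113.5", "SSH-2.0-libssh_0.9.6", "postgres", "postgres"),
    ("203.0.113.99", "SSH-2.0-Go", "oracle", "oracle"),
    ("203.0.113.99", "SSH-2.0-Go", "postgres", "postgres"),
    ("203.0.113.99", "SSH-2.0-Go", "test", "test"),
    ("192.0.2.77", "SSH-2.0-Go", "git", "git"),
]

def jaccard(a, b):
    """Overlap of two credential sets, from 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b)

def cluster_sources(events, threshold=0.5):
    """Group source IPs whose attempted credential lists overlap by >= threshold."""
    creds, banners = defaultdict(set), defaultdict(set)
    for ip, banner, user, password in events:
        creds[ip].add((user, password))
        banners[ip].add(banner)
    parent = {ip: ip for ip in creds}  # union-find over source IPs
    def find(ip):
        while parent[ip] != ip:
            ip = parent[ip]
        return ip
    for a, b in combinations(sorted(creds), 2):
        if jaccard(creds[a], creds[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = defaultdict(list)
    for ip in creds:
        groups[find(ip)].append(ip)
    # Banners are reported per cluster, not used as the key, since they can rotate.
    return sorted(
        (sorted(ips), sorted(set().union(*(banners[i] for i in ips))))
        for ips in groups.values()
    )

if __name__ == "__main__":
    for ips, seen in cluster_sources(EVENTS):
        print(ips, seen)
```

On the constructed data, sources on unrelated networks fall into the same cluster because they share a credential list, even though their client banners differ.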
I saw an ISP called Microsoft, USA… is that an official Microsoft computer doing that or something else?
reply
Yes, Microsoft shows up a lot. Some of these bots are running on Azure.

My favorite ISP to spot occasionally is SpaceX / Starlink. That can’t be the most economical ISP for bot traffic, but machines can be infected, even on Starlink.

reply
Awesome, I loved it, thanks for sharing it.

And I remember more than a decade ago I went down the rabbit hole hunting these bots and indeed, I found the Netherlands was always the king of the hill when it comes to bots, followed by the US. The Netherlands is still there, I see.

reply
Some things never change.

One of my favorite visualizations for this is to switch to the globe view and choose the “HEAT” style for a 3D heatmap superimposed on the globe. Green means few hits, and red signifies lots of hits. The Netherlands is so small that it’s tough to see though!

reply
Well done, OP.
reply