undefined

points

[-]

This is neat. What VPS service do you use? I am trying to replace my tendency to spin up small EC2 instances just to deploy a simple web app.

by djkurlander3 hours ago|

parent|

[-]

My $6.75 per year VPS was a Black Friday sale from Dedirock on https://lowendtalk.com. Some of the Black Friday sales are still being honored. The site https://cheapvpsbox.com/ has a nice search engine for cheap VPS sales.

by winrid1 hours ago|

parent|

prev|

[-]

I recommend a dedicated $40 hetzner or OVH box and just keep all your projects on that. They're pretty powerful. I was spending a lot on a bunch of $5 linodes until recently and you have to keep them upgraded etc...

by fragmede1 hours ago|

parent|

prev|

[-]

how deep are your WebApps? Cloudflare pages and workers have a generous free tier, depending on what you're doing.

by Bender7 hours ago|

prev|

[-]

Very nice! I am looking forward to many people running this. Perhaps people could add their URL in a ./contrib directory or something to that effect? I might set this up when I get back from the feed store.

by djkurlander7 hours ago|

parent|

[-]

Nice idea. The original VPS is in Los Angeles, but I installed the app more recently on VPS's in London, Tokyo, and Amsterdam. I've been noticing some interesting regional differences, but it may just be smaller sample of knocks for those sites so far. I'll set up that contrib directory so that we can share our dashboards. I would be interested in looking at others' dashboards to suss out patterns.

by orojackson4 hours ago|

parent|

[-]

Side question: which cheap VPS are you using in Los Angeles? Looking to get one in the Southern California area.

by djkurlander3 hours ago|

parent|

[-]

My $6.75 per year vps was a Dedirock Black Friday sale that I found https://lowendtalk.com. https://cheapvpsbox.com/ reports several nice Los Angeles sales still going on from various providers. My London, Tokyo, and Amsterdam VPSs are holiday sales from RareCloud and Racknerd - all less than $19/year.

by djkurlander6 hours ago|

parent|

prev|

[-]

contrib directory added!

by mmarian4 hours ago|

prev|

[-]

> who keeps trying to log into your computer?

I'm curious, how do you think this helps you answer the question? Proxies are incredibly easy to come by these days, rotation makes it hard to identify what's behind it all.

by djkurlander3 hours ago|

parent|

[-]

That’s a valid point. We can easily see where the attack is coming from but not who or which botnet. Some of these can be inferred by the pattern of usernames and passwords attempted, and the ISPs. Someone suggested that I collect the client SSH signature as well, which would help. But you’re right, we don’t know who is behind the attacks.

by mmarian3 hours ago|

parent|

[-]

I'm guessing the SSH signatures can rotate as well. I remember someone did an analysis of rotation patterns for HTTPS requests; that's when they saw some interesting clusters.

by prox3 hours ago|

parent|

prev|

[-]

I saw an ISP called Microsoft, USA… is that an official microsoft computer doing that or something else?

by djkurlander2 hours ago|

parent|

[-]

Yes, Microsoft shows up a lot. Some of these bots are running on Azure.

My favorite ISP to spot occasionally is SpaceX / Starlink. That can’t be the most economical ISP for bot traffic, but machines can be infected, even on Starlink.

by tamimio3 hours ago|

prev|

[-]

Awesome, I loved it thanks for sharing it.

And I remember more than a decade ago I went down the rabbit hole hunting these bots and indeed, I found Netherlands was always the king of hill when it comes to bots, followed by US, Netherlands still there I see.

by djkurlander2 hours ago|

parent|

[-]

Some things never change.

One of my favorite visualizations for this is to switch to the globe view and choose the “HEAT” style for a 3D heatmap superimposed on the globe. Green means few hits, and red signifies lots of hits. The Netherlands is so small that it’s tough to see though!

by czbond4 hours ago|

prev|

[-]

Well done, OP.