IP Address GeoCoding and Plotting on Map

- - posted in Technical | Tagged as ipaddress,geocoding,webattacks,IP-block | Comments

Sometimes back I had setup ssh on raspberry pi and allowed to login from internet, obviously using the public key encyption. After few days I noticed that lot of people/systems were trying to login and failing from various different IPs. So I block them using Fail2ban. I am Not gonna talk about Fail2ban, as its completely vast topic on its own.

Fail2ban : It provides a way to automatically protect virtual servers from malicious behavior. The program works by scanning through log files and reacting to offending actions such as repeated failed login attempts.

Once blocked I wanted to see from where I was getting attacked the most. So I plotted them on map using some free apis. Here is my fail2ban config for creating a file of all blocked IP addresses.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
/pathToFail2ban/action.d/iptables-multiport.conf

[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#

actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
              cat /etc/fail2ban/ip.blacklist.persistban.<name> | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j DROP; done



# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>  unix timestamp of the ban time
# Values:  CMD
#
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
            echo <ip> >> /etc/fail2ban/ip.blacklist.persistban.<name>
            echo <ip> >> /pathToMysite/blocked_ipaddresses.txt

I used ipmapper which uses google maps api for geocoding.

Here is my html code to plot those blocked IPs.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<html>
<head>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
    <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
    <script type="text/javascript" src="ipmapper.js"></script>
    <meta name="viewport" content="initial-scale=1.0, user-scalable=no" />
    <style>
      html, body, #map {
        height: 100%;
        margin: 0px;
        padding: 0px;
      }
    </style>
    <script type="text/javascript">
    $(function(){
        try{
                var useragent = navigator.userAgent;
                var mapdiv = document.getElementById("map");
                console.log(useragent.indexOf('iPhone'));
                if (useragent.indexOf('iPhone') == -1 || useragent.indexOf('Android') == -1 ) {
                        mapdiv.style.width = '100%';
                        mapdiv.style.height = '100%';
                } else {
                        mapdiv.style.width = '600px';
                        mapdiv.style.height = '800px';
                }

                IPMapper.initializeMap("map");

                var file = "../data/blocked_ipaddresses.txt";
                var ipArray = new Array();
                $.get(file, function(data){
                        ipArray = data.split('\n');
                        //console.log("Raw array length is -" + ipArray.length);
                        IPMapper.addIPArray(ipArray);
                });

        } catch(e){
            //handle error
        }
    });
    </script>
</head>
<body>
    <div id="map" style="height: 800px;"></div>
</body>
</html>

Here is the output plotted on the map... :)

alt

hmm.. lot of friendly visits from China and Russia... :)

Chow...






Gravatar of Ashwani Kumar

Recent posts


Subscribe



Your Feedback encourages me




Learning and Developments

One Month Rails



, 2FA, AWS AWS, Active Authenticator Directory, Facebook Flash, Forwarding, GOD,Chat,Coffee Github,Feedback,Repo Google Google,Search HAProxy, IOT, IP-block JQuery LetsEncrypt Load MQ MQTT, Messaging Octopress Octopress, OpenVpn OpenVpn, PI, Plugin Plugin, Port Raspberry, S3, SSH, Shell,Commands Soapui, Tag Tag, Tree, Tunneling XML XML, XServer, Xming ajax, angular, animated architecture architecture, azure balancing cloud, commenting, connectivity datapower datatables diagrams diaspora dropdown geocoding grep, hashicorp, ipaddress, ipv6, java, java,python mysql nokogiri, octopress-migration octopress-plugin openapi, openssl powershell proxy rails, repo reviews ruby, script scripts, security, sharepoint shell spring springboot, ssh, swagger, telnet, vault vi, vieditor vim, visualblock, webattacks windows,cleanup windowsxp