When I started dabbling in running a web server a few years ago, I found out rather quickly that when you run a server, you *will* have "people" trying to SSH into it that you shouldn't be. Now whether these are botnets or active hackers, I don't know nor really care (if someone really wants to hack me, I probably don't have the knowledge to really stop them. I prefer to focus on catching 99.9% of low-hanging-fruit hackers).

The solution I have is to use Fail2ban which monitors the system log for failed SSH attempts and will automatically lock out these IP addresses (using iptables) for a configurable amount of time. After a host gets locked out, I get an email letting me know the IP and the result of a WHOIS lookup.

So, I have all these fun IP addresses and registered addresses of "people" I don't like. So what did I do? I counted them all up, and threw their information on a map that I can look at!

I wrote a C++ application that uses Qt to parse the data, get the lat-long for the address via GoogleMap's service, and count up the number of times I've seen that IP address overall.

<a href=http://localhost:4000/images/spammap-loaded-data.png">SpamMap Loaded Data

The list of IP addresses and counts are both sortable. Choosing a row will load that data into the map on the right side.

SpamMap Chosen Data

There were a couple of reasons I had for doing this. Primarily, I wanted a way to get back into C++ again (it's been quite a while). After attending Qt Developer Days in November 2010, I needed to actually stretch my desktop application developer legs (aside: I don't need to do that again anytime soon). The other motive is that after getting all of these emails about failed SSH attempts, I was rather curious to see what the primary geographic location where these attempts originate from.

As a note, this is most definitely far from any sort of production. I can't say I really cared enough to take the time to figure out how to do everything I wanted to do in Qt (sorry :(, Qt). So, fair warning, it is what it is.

Finally, I have a project page set up that you can view at https://projects.penguinsinabox.com/projects/spammap.