Sunday, 20 February 2011

Name and shame

My computer sits on the net full time in the DMZ of my network. For years its been setup this way and of course I have a LOT of attempts to hack in.
I eventually thought I would setup a new way of logging these attempts but wanted a more public listing of them. Thats when I came up with my twitter idea.
The plan, collect all these attempts and send them to a feed on twitter in real-time. Once the feed is working correctly, write a daemon to monitor the feed and plug it back into /etc/host.deny......
So my initial work is done and via a few Perl scripts I send it out to  https://twitter.com/breakinlog. It is now very surprising how many hacking attempts are made on my computer, 9602 since the beginning of the year. Also surprising is that I have maintained 10 followers (turn over is about 10/month) for the 6 months of the project so far.
People will follow anything, even auto generated logging.....
So where to now?  Writing the client side scripts to watch the feed :)