A dashboard for digging through break-in attempts

While I have been between jobs lately (no, not that kind. The good kind where I have been fortunate to get some time to relocate etcetera) I have been hacking a bit on something to visualize and dig through the data of failed login attempts of a blog I run. I send all login attempts that does not come over SSL to a pseudo login page that just logs it, that is the kind of thing I do for fun -what do other people do?

So I have been collecting this data set and I was running some shell scripts on it, but I wanted a dashboard.
Boring story cut short I threw some Bootstrap, jqplot, PHP, a shell script for importing my log and a sqlite3 database at the wall and this is what stuck.

One of the nice things with using Bootstrap is that people are spared from my web design, and also that I get a responsive layout for free.

Lilith dashboard version 0.1

This is where it is at right now, this first version however just gave me a thousand more ideas of features I want to add to it in the future.

It has already given me some interesting insight into the patterns of the -presumedly- bots trying to log in, such as that 72% of the IPs only appear once and that Sunday is by far the most busy day. Another interesting pattern is that most login attempts keep coming in threes from different IPs at almost the same time trying the same combination(see the last section with the last 10 rows from the log).

I plan on making this available as open source, but there is some major cleanup needed first..

Sounds good? Let me know in the comments. I do like feedback, but please keep it above the belt!


Leave a Reply

Your email address will not be published. Required fields are marked *