Bad SSH and FTP attempts

This is a manually generated list of all hosts that have tried to hack my machine via bruteforce. Both SSHd (port 22) and FTPD (port 21) are shown here. Any access after a few tries to allow for typos are counted towards illegal access. These attacks are extremely annoying and I do wish it stopped, I will see to it that your ISP gets notified when I see the attempts. Don't be surprised if your network connection disappears if you make it to this list. And I don't care if you were hacked or not, it's up to you to make sure your machine is not a zombie. Thank Bill Gates and Microsoft for no general public code audits. Thank yourself for not auditing your machine if you made it onto this list. If you wish for me to remove a specific entry, please email 'blc+ssh' at this host's mail server ( and give me proof that your machine is cleaned of all trojans and no longer vulnerable to attack. Note: hosts that have forward and reverse DNS mismatch will require DNS fix to be included in their audit.

To avoid useless search engine crawler entries, you may specify option id=ipaddr to this script to obtain the logfiles associated with this IP address. You can also specify link to make this script make links for each entry. If you're curious about country breakdown, try specifying country. Currently China loses the most, then the USA, and Korea is quickly catching up. Also I have to say the US Educational system seems to have mostly kept their networks clean, three cheers for those admins to keep that up.


I don't auto-remove entries - these were from when I started keeping track of these attempts.

You may wonder why I post this here? Could this list be exploited? Why yes! I hope that perhaps another botnet master finds that host and breaks into it too. And hopefully they will have enough conflicting software to cause that machine to crash or become ''painfully'' obvious that it has been compromised. My goal is to have as many zombie bots removed from the network as I can, and if someone double hacks the machine and brings it to its knees...well, at least it's off the net.

Note: machines may continue to try to bruteforce my machine after the logfiles shown here. I filter out these addresses after seeing them, so they may appear to stop. At some later date I'll include subsequent attempts.

Look into the package 'Fail2ban' if you want some automated protection system. I'm just manually doing it to my hosts.deny and IP tables.

This has been discontinued for now.