HEX
Server: Apache
System: Linux viper.innovativeinternet.net 4.18.0-553.80.1.lve.el8.x86_64 #1 SMP Wed Oct 22 19:29:36 UTC 2025 x86_64
User: thetradingroom (1095)
PHP: 8.3.25
Disabled: exec,passthru,shell_exec,system
$ pwd: /ibin/
Upload Files
File: //ibin/topfailedip
#lastb | awk '{print $3}' | sort | uniq -c | sort -rn | head -10
#!/bin/bash

# Check if the user provided the number of hours as a parameter
if [ -z "$1" ]; then
    echo "Usage: $0 <hours>"
    exit 1
fi

# Calculate the start time by subtracting the specified hours
start_time=$(date -d "$1 hours ago" "+%Y-%m-%d %H:%M")

# Get the top 10 IPs with failed logins and their counts
failed_logins=$(lastb --since "$start_time" | awk '{print $3}' | sort | uniq -c | sort -rn | head -10)

# Loop through each entry, get country and abuse info using ipinfo.io, and display the results
echo "Top 10 IPs with Failed Logins in the Last $1 Hours:"
echo "---------------------------------------------------"
printf "%-20s%-10s%-20s%-30s%-20s\n" "IP" "Failed Logins" "Country" "Abuse Email" "Abuse Country"
echo "-----------------------------------------------------------------------------------------"
while read -r count ip; do
    # Check if the entry is a valid IP address
    if [[ "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
        country=$(curl -s "https://ipinfo.io/$ip/country" | tr -d '\n')
        abuse_info=$(curl -s "https://ipinfo.io/$ip/abuse" | jq -r '.[0].email, .[0].country' 2>/dev/null)

        # Extract abuse email and country information
        abuse_email=$(echo "$abuse_info" | sed -n '1p')
        abuse_country=$(echo "$abuse_info" | sed -n '2p')

        # Skip entry if country is empty
        if [ -n "$country" ]; then
            printf "%-20s%-10s%-20s%-30s%-20s\n" "$ip" "$count" "$country" "$abuse_email" "$abuse_country"
        fi
    fi
done <<< "$failed_logins"
@ Telegram