So I started pondering what I could do to try to stop this. Perhaps I could write a little script that works out who the appropriate admin is and emails them? Yes, but I think that might cause me rather a lot of trouble. I can’t exactly send the logs to my ISP or to the Police – simply attempting to connect to a ssh server isn’t exactly strong evidence of nefarious intent.
So instead I thought I’d just publish them – each day’s log is uploaded to the downloads section as a text file.
If I get bored and fancy writing some php then I’ll start stuffing them into a database so we can run some basic analysis on them – produce graphs and run some analysis.