Since the notifications from my NAS about failed admin login attempts continue to pour in, I rewrote my script to make it even more automated. It now pulls the logs from the NAS directly so I don't have to take a screenshot from Synology Active Insights, parses the IP addresses out of the logs automatically, caches whois lookups so I don't have to keep reselecting abuse addresses to use, and keeps historical records of how many IPs have been attacking for the past 24 hours.
#infosec
Jonathan Kamens /
npub1et…7vupq
2025-03-16 01:02:01
in reply to nevent1q…3fl6
Author Public Key
npub1ethstkst9853uj0l37x0v878y0am5j50at9l50ux6qrxpxuv6xpsh7vupqPublished at
2025-03-16 01:02:01Event JSON
{
"id": "76ed307c8090c1605bae2926d9e2eb6ae2ad67dfdc7a2a276e5e30e7c57c2d57",
"pubkey": "caef05da0b29e91e49ff8f8cf61fc723fbba4a8feacbfa3f86d006609b8cd183",
"created_at": 1742086921,
"kind": 1,
"tags": [
[
"e",
"4ee354daced881a19f2e4c1c6d6d1b6323c7c4ddc9ceae3613838f1fe56acb80",
"wss://relay.mostr.pub",
"reply"
],
[
"t",
"infosec"
],
[
"proxy",
"https://federate.social/users/jik/statuses/114169408511188658",
"activitypub"
]
],
"content": "Since the notifications from my NAS about failed admin login attempts continue to pour in, I rewrote my script to make it even more automated. It now pulls the logs from the NAS directly so I don't have to take a screenshot from Synology Active Insights, parses the IP addresses out of the logs automatically, caches whois lookups so I don't have to keep reselecting abuse addresses to use, and keeps historical records of how many IPs have been attacking for the past 24 hours.\n#infosec",
"sig": "12ed4b0d7068e858c9ae19300476b99c777f52e38b726767150f141a51171fb41b122e075a2fd338fcada2e552f1724bca1af3e405c7eb6a57c311ee83c27cad"
}