PiAlert Tracks Attempted Server Logins and Provides Simple Status Updates About Them

Nick designed this device to track and display virtual private server login attempts.

It is pretty much a guarantee that any publicly accessible server will receive login attempts from unauthorized sources. Most of these aren’t coming from some black hat hacker trying to bypass your firewall and crack into your mainframe, but rather from automated bots that crawl from server to server looking for easy access. They’re usually only testing common or default passwords in order to find servers that system admins put online but didn’t bother to secure properly. They aren’t much of a threat if you did set up your security correctly, but it can still be useful to monitor the attempts. That’s why Nick made PiAlert-V1 to track those attempts and display data about them in a simple manner.

Nick has multiple virtual private servers, and recently experienced an incident in which one was compromised in order to redirect users from an unused domain address to another server hosting malware. This was, appropriately, flagged and Nick looked into the issue. The problem was solved, but Nick found that it was quite interesting to look at automated login attempts. What were they trying to access and how were they trying to access it? Server logs record that information, and Nick wanted a way to quickly and easily take a look at the data. The PiAlert-V1 was built in order to show that information in a simple, easily digestible way: with indicator lights and a counter.

As you probably guessed, the PiAlert-V1 device is based on a Raspberry Pi, specifically, the Pi Zero W. The only other hardware required was a Pimoroni Blinkt! LED indicator strip and a four-digit seven-segment LED display. The Blinkt! module has eight individual RGB LEDs, which Nick is using to indicate which kind of login attempt data is being shown. For example, one LED would indicate an SSH password login attempt on port 22, while another LED would indicate an SSH key login attempt. The numerical readout lists the number of login attempts of that specific type. The hardware was enclosed in a 3D-printed case.
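The counting step described above, as an added example that is not Nick's code: it tallies failed SSH password and key attempts from sshd log lines and pairs each type with an indicator pixel and a four-digit readout. The log lines are constructed, and the pixel assignments and function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH sshd syslog format (documentation IPs).
SAMPLE_LOG = """\
Mar  3 04:11:02 vps1 sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 04:11:05 vps1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar  3 04:12:40 vps1 sshd[1207]: Failed publickey for invalid user deploy from 198.51.100.7 port 40022 ssh2: RSA SHA256:CONSTRUCTED
Mar  3 04:13:00 vps1 sshd[1210]: Accepted publickey for nick from 192.0.2.10 port 50100 ssh2: ED25519 SHA256:CONSTRUCTED
Mar  3 04:13:09 vps1 sshd[1215]: Failed password for invalid user bob from 10.0.0.1 port 1 ssh2 from 203.0.113.9 port 51300 ssh2
Mar  3 04:14:00 vps1 CRON[1300]: pam_unix(cron:session): session opened for user root
"""

# The user name is text chosen by the remote client, so it may itself contain
# " from <ip> port <n>". The greedy user group plus the end anchor make the
# trailing address, which sshd writes, the one that is captured.
# "port" here is the client's source port, not the server's port 22.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2(?:: .*)?$"
)

# Assumed layout: which Blinkt! pixel (0-7) represents which attempt type.
LED_FOR = {"password": 0, "publickey": 1}

def count_attempts(log_text):
    """Return (attempts per method, distinct source IPs per method)."""
    counts, sources = Counter(), {m: set() for m in LED_FOR}
    for line in log_text.splitlines():
        hit = FAILED.search(line)
        if hit:
            counts[hit["method"]] += 1
            sources[hit["method"]].add(hit["ip"])
    return counts, sources

def display_frames(counts):
    """One (pixel, text) pair per type; the 4-digit display tops out at 9999."""
    return [(LED_FOR[m], f"{min(counts[m], 9999):4d}") for m in LED_FOR]

if __name__ == "__main__":
    counts, sources = count_attempts(SAMPLE_LOG)
    for pixel, text in display_frames(counts):
        print(f"pixel {pixel}: [{text}]")
```

Successful logins and non-sshd lines are ignored, so the readout reflects failed attempts only.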

The code running on the Raspberry Pi is a mess, by Nick’s own admission, but he does provide all of it if you want to use it for your own purposes.

cameroncoward

Writer for Hackster News. Proud husband and dog dad. Maker and serial hobbyist. Check out my YouTube channel: Serial Hobbyism
