Viewing the Top-Ten Worst SSH Attackers

If you must maintain an 'open' SSH server, this might come in handy. This is a quick way to view the top ten worst offending SSH attackers in your secure log. It works on Red Hat-based Linux boxen (e.g., CentOS, Fedora), but it can easily be modified for other OSes by just changing the pattern or logfile.

    [root@mail ~]# grep 'Failed password for invalid user' /var/log/secure* \
        | perl -nle 'print $1 if /from.+?(\d+\.\d+\.\d+\.\d+)/' \
        | sort -n | uniq -c | sort -nr | head -n 10
       1888 200.123.110.118
       1058 187.17.82.179
       1010 72.2.10.4
        372 201.38.138.2
        330 189.19.9.217
        250 218.61.35.119
        250 210.181.198.94
        146 88.199.11.170
        140 72.55.164.232
        140 115.93.93.123
    [root@mail ~]#
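The same count as an added example (not part of the original post), generalized in two ways: the address is taken from the trailing `from <addr> port <n>` fields rather than the first "from" on the line, because the user name in these entries is client-supplied text, and IPv6 sources are counted too. The function names and the sample log lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed "invalid user" SSH logins per source address.
# Usage on a real host: cat /var/log/secure* | top_ssh_offenders 10

# Constructed sample entries in the sshd format found in /var/log/secure.
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 mail sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Jan 10 03:12:03 mail sshd[2101]: Failed password for invalid user test from 192.0.2.10 port 51236 ssh2
Jan 10 03:12:09 mail sshd[2107]: Failed password for invalid user oracle from 198.51.100.7 port 40022 ssh2
Jan 10 03:12:11 mail sshd[2109]: Failed password for invalid user x from 203.0.113.99 from 192.0.2.10 port 51240 ssh2
Jan 10 03:12:15 mail sshd[2111]: Failed password for invalid user guest from 2001:db8::5 port 40100 ssh2
Jan 10 03:12:20 mail sshd[2113]: Failed password for root from 198.51.100.7 port 40030 ssh2
Jan 10 03:12:25 mail sshd[2115]: Accepted password for bob from 192.0.2.50 port 40040 ssh2
EOF
}

# top_ssh_offenders [N]: reads log lines on stdin, prints "count address"
# for the N busiest sources (default 10), highest count first.
top_ssh_offenders() {
    n="${1:-10}"
    awk '
        /Failed password for invalid user/ {
            # Expected tail: ... from <addr> port <num> [ssh2]
            # Index fields from the end so text inside the user name is ignored.
            i = NF
            if ($i ~ /^ssh[0-9]*$/) i--          # drop optional protocol tag
            if (i < 4 || $(i-1) != "port" || $(i-3) != "from") next
            if ($i !~ /^[0-9]+$/) next            # port must be numeric
            count[$(i-2)]++                       # IPv4 or IPv6 address
        }
        END { for (a in count) print count[a], a }
    ' | LC_ALL=C sort -k1,1nr -k2,2 | head -n "$n"
}

# Demo on the constructed sample.
sample_log | top_ssh_offenders 10
```

On the fourth sample line the original one-liner would attribute the failure to 203.0.113.99, which appears only inside the user name; this version counts the connecting address 192.0.2.10.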