~ anton@antonsatt
~ / projects / ssh-radar
type: Personal Project when: Feb 2026 status: Live & Running

SSH Radar

Real-Time Attack Monitoring

A real-time monitoring and visualization platform that tracks failed SSH login attempts on a Linux server. Built after discovering thousands of brute-force login attempts from bots worldwide.

SSH Radar - World Map View — click to enlarge

Why I Built This

It started when I opened port 22 on my Oracle Cloud server and discovered thousands of brute-force login attempts from bots worldwide. Instead of just blocking them, I decided to build a full pipeline to collect, enrich with geolocation data, and visualize these attacks in real time.

"Every 5 minutes, real attack data flows through the pipeline — parsed, geolocated, and visualized. It's not simulated. It's the internet trying to break in."

Key Features

Real-Time Live Feed

Failed login attempts replayed with a 5-minute delay, Web Audio API blip sounds, deduplication. Shows timestamp, username, IP, and location.

Stats Dashboard

5 live stat cards: Total Attempts, Today's Attempts, Unique IPs, Countries, and Days of Data — all auto-refreshing.

Top Targets Carousel

Scrolling display of the 10 most attacked usernames with attempt counts.

Embedded Grafana Panels

World map with attack markers, daily/hourly trend lines, top countries pie chart, top IPs/usernames bar charts.

Automated Pipeline

Host cron runs lastb every 5 minutes, Python parses and deduplicates, enriches IPs with geolocation, and bulk inserts to PostgreSQL.

45 Automated Tests

Parser tests, geolocation tests, and integration tests with temporary Docker PostgreSQL.

Architecture

Internet → HTTPS (Let's Encrypt)
  → nginx-proxy
    → Frontend (React SPA via Nginx) :80
    → Grafana :3000
    → PostgreSQL :5432 (localhost only)
Host cron (every 5 min):
  lastb -F → Python parser → Geolocation enrichment → PostgreSQL

Tech Stack

Python 3 PostgreSQL 16 Grafana OSS React 18 TypeScript Vite Docker Compose Nginx MaxMind GeoLite2 Oracle Cloud Cron

Screenshots

SSH Radar - World Map View
SSH Radar - Dashboard Panels