How to write a script to detect anomalous login locations

0 votes

I am trying to improve security monitoring by detecting logins from unusual locations. My questions are:

  • How can I extract IP addresses from authentication logs (/var/log/auth.log, /var/log/secure)?
  • How can I use geolocation APIs (like ipinfo.io, MaxMind) to map IPs to locations?
  • How to define an "anomalous" login (e.g., new country, unusual time, failed attempts)?

A Python or Bash script that automates this detection and sends alerts would be useful.

Feb 26, 2025 in Cyber Security & Ethical Hacking by Anupam
• 18,960 points 386 views

No answer to this question. Be the first to respond.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.

Related Questions In Cyber Security & Ethical Hacking

+1 vote
1 answer

How can I write a Ruby script to automate the process of brute-forcing a login form?

In order to create a Ruby script ...READ MORE

answered Oct 23, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 31,260 points 1,079 views
0 votes
0 answers

How do I write a simple PERL script to scan for open ports on a target machine?

I’m learning about network security and I ...READ MORE

Oct 17, 2024 in Cyber Security & Ethical Hacking by Anupam
• 18,960 points 795 views
+1 vote
1 answer

How to write a Python script for XSS vulnerability detection?

Detecting Cross-Site Scripting (XSS) vulnerabilities is crucial ...READ MORE

answered Feb 19, 2025 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 31,260 points 1,141 views
0 votes
1 answer

How to write a script to check for insecure HTTP headers?

Ensuring the security of your web application ...READ MORE

answered Feb 21, 2025 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 31,260 points 468 views
0 votes
0 answers

How to detect ARP spoofing using a Python script?

ARP spoofing is a technique used to ...READ MORE

Mar 5, 2025 in Cyber Security & Ethical Hacking by Anupam
• 18,960 points 1,526 views
0 votes
1 answer

How can I force the login to a specific ip address?

Try to access the router's default page. It's ...READ MORE

answered Feb 15, 2022 in Cyber Security & Ethical Hacking by Edureka
 • 12,730 points 2,295 views
+1 vote
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 31,260 points 4,593 views
+1 vote
1 answer

How does the LIMIT clause in SQL queries lead to injection attacks?

The LIMIT clause in SQL can indeed ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 31,260 points 1,410 views
+1 vote
1 answer

Is it safe to use string concatenation for dynamic SQL queries in Python with psycopg2?

The use of string concatenation while building ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 31,260 points 1,239 views
+1 vote
1 answer

How can I use Python for web scraping to gather information during reconnaissance?

Python is considered to be an excellent ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 31,260 points 1,255 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.