Too Long; Didn't Read
With a bit of Linux command line kung fu, some Golang, and Google sheets, I was able to get a pretty good idea of where the attacks are coming from. I'm using CentOS to host my site, so I checked out /var/log/secure. This log is where authentication logs are stored on my server. I wanted to extract the IP address of attackers from this file. It will do this for all of the messages I have in my "badstrings" list. It then dumps the IP into a temp.txt file.