[CentOS] SSH attacks from china
Sam Drinkard
sam at wa4phy.net
Thu Jul 23 16:48:44 UTC 2009
Bob Hoffman wrote:
> Okay, I have a server connected to the net but have not added fail2ban or
> anything on top of my firewall yet.
>
> Thought you guys might get a kick out of this one user, ip is from china,
> who has got a heck of a knack for making assumptions on possible usernames.
>
> Enjoy this..., 8000+ attempts. Scroll down for funky ones. I have no root
> access enabled on this server and it is pretty bare. Just using it as a
> collector of banable ips right now and it is doing a good job.
> But some of these are quite interesting when you look at the keyboard
> layout. They really must try to figure this mental thing out...wow.
>
> If you take some time, there are some down right funny usernames like
>
> 1am0nly4Joomla
> Igor
> scoobydoo
> $chooLg1rL
>
> So for all you out there that think your cool way of making a username is
> unique and not to be guessed, you might want to look at some of the lengths
> this one bot went to.
>
> 58.53.192.47: 8002 times
> test/password: 48 times
> user/password: 45 times
> fax/password: 43 times
> www/password: 34 times
> info/password: 27 times
> /password: 24 times
> bill/password: 24 times
> httpd/password: 23 times
> 1q2w3e/password: 21 times
> admin/password: 21 times
>
>
<snip the other 7995 >
I think that would definitely classify as a dictionary attack.. but what
dictionary has all those kinds of entries :)
Sam
More information about the CentOS
mailing list