[CentOS] SSH attacks from china

Thu Jul 23 16:48:44 UTC 2009
Sam Drinkard <sam at wa4phy.net>

Bob Hoffman wrote:
> Okay, I have a server connected to the net but have not added fail2ban or
> anything on top of my firewall yet.
>
> Thought you guys might get a kick out of this one user, ip is from china,
> who has got a heck of a knack for making assumptions on possible usernames.
>
> Enjoy this..., 8000+ attempts. Scroll down for funky ones. I have no root
> access enabled on this server and it is pretty bare. Just using it as a
> collector of banable ips right now and it is doing a good job. 
> But some of these are quite interesting when you look at the keyboard
> layout. They really must try to figure this mental thing out...wow.
>
> If you take some time, there are some down right funny usernames like
>
> 1am0nly4Joomla
> Igor
> scoobydoo
> $chooLg1rL
>
> So for all you out there that think your cool way of making a username is
> unique and not to be guessed, you might want to look at some of the lengths
> this one bot went to.
>
> 58.53.192.47: 8002 times
>        test/password: 48 times
>        user/password: 45 times
>        fax/password: 43 times
>        www/password: 34 times
>        info/password: 27 times
>        /password: 24 times
>        bill/password: 24 times
>        httpd/password: 23 times
>        1q2w3e/password: 21 times
>        admin/password: 21 times
>
>   
<snip the other 7995 >

I think that would definitely classify as a dictionary attack.. but what 
dictionary has all those kinds of entries :)

Sam