I used to get a couple hosts bounced a week… They’d try to brute-force username/password combos over ssh and DenyHosts would ban their IP after 5 failed logins.
For a couple days last week, I probably had about 50 in a 24-hour period, and then they went away as quickly as they started.
Today… Well, today is insane. As this site confirms, GMail limits a “conversation” to 61 conversations. So as this screenshot shows…
Current count: since 10pm last night, 338 different hosts have tried…
“avian” and “avidan” keep getting tried as the first guesses… Good thing I haven’t given any birds a shell account with a blank password? Or a guy named Dan who’s a big fan of .avi’s?
Looks like it’s a major botnet, which is pretty foolishly brute-forcing hosts on each IP it finds… (Which means it’s exposing each of its members?)