ssh Brute-force Attempts

I used to get a couple hosts bounced a week… They’d try to brute-force username/password combos over ssh and DenyHosts would ban their IP after 5 failed logins.

For a couple days last week, I probably had about 50 in a 24-hour period, and then they went away as quickly as they started.

Today… Well, today is insane. As this site confirms, GMail limits a “conversation” to 61 conversations. So as this screenshot shows…

Failed ssh logins

2 thoughts on “ssh Brute-force Attempts

  1. Current count: since 10pm last night, 338 different hosts have tried…

    “avian” and “avidan” keep getting tried as the first guesses… Good thing I haven’t given any birds a shell account with a blank password? Or a guy named Dan who’s a big fan of .avi’s?

  2. Looks like it’s a major botnet, which is pretty foolishly brute-forcing hosts on each IP it finds… (Which means it’s exposing each of its members?)

Leave a Reply to Matt Cancel reply

Your email address will not be published. Required fields are marked *