Amazon Web Services used for ssh login attempts

I get ssh login attempts almost daily, mostly from DSL, asian or eastern european IP addresses but this one caught my eye:

 Illegal users from these:
    75.101.221.220 (ec2-75-101-221-220.compute-1.amazonaws.com): 210 times
       admin/password: 16 times
       test/password: 15 times
       tester/password: 15 times
       testing/password: 15 times
       guest/password: 14 times
       adm/password: 6 times
       administrator/password: 5 times
       .
       .
       .

It comes from Amazon Web Services! I thought that "cloud computing" for these attackers meant "bot network", but maybe that is not the case?

Let’s see what their abuse support says!

 

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.