Amazon Web Services used for ssh login attempts

I get ssh login attempts almost daily, mostly from DSL, asian or eastern european IP addresses but this one caught my eye: Illegal users from these: 75.101.221.220 (ec2-75-101-221-220.compute-1.amazonaws.com): 210 times admin/password: 16 times test/password: 15 times tester/password: 15 times testing/password: 15 times guest/password: 14 times adm/password: 6 times administrator/password: 5 times . . . It… Continue reading Amazon Web Services used for ssh login attempts

Domain-name based ssh login attempts

The last few weeks I have noticed some illicit ssh login attempts that uses parts of the reverse DNS domain name as user name when it tries to login. The last attempt looked like this in my LogWatch summary: Illegal users from these:     195.38.107.55 (aquila.euroexpert.tvnet.hu): 9 times        root/password: 4 times        cenara/password: 2… Continue reading Domain-name based ssh login attempts