I get ssh login attempts almost daily, mostly from DSL, asian or eastern european IP addresses but this one caught my eye:
Illegal users from these: 18.104.22.168 (ec2-75-101-221-220.compute-1.amazonaws.com): 210 times admin/password: 16 times test/password: 15 times tester/password: 15 times testing/password: 15 times guest/password: 14 times adm/password: 6 times administrator/password: 5 times . . .
It comes from Amazon Web Services! I thought that "cloud computing" for these attackers meant "bot network", but maybe that is not the case?
Let’s see what their abuse support says!