I get ssh login attempts almost daily, mostly from DSL, asian or eastern european IP addresses but this one caught my eye:
Illegal users from these:
75.101.221.220 (ec2-75-101-221-220.compute-1.amazonaws.com): 210 times
admin/password: 16 times
test/password: 15 times
tester/password: 15 times
testing/password: 15 times
guest/password: 14 times
adm/password: 6 times
administrator/password: 5 times
.
.
.
It comes from Amazon Web Services! I thought that "cloud computing" for these attackers meant "bot network", but maybe that is not the case?
Let’s see what their abuse support says!