Peter N. M. HansteenMay 25

oh, somebot is in trouble:

May 25 13:26:54 skapet sshd-session[30936]: Failed password for invalid user Can't open exe from 2a02:4780:10:8ba4::1 port 34842 ssh2
May 25 13:26:56 skapet sshd-session[92221]: Failed password for invalid user Can't open exe from 2a02:4780:10:8ba4::1 port 34856 ssh2

#ssh #sshgropers #passwordgroping #passwordguessing #bots #botnets #cybercrime

Peter N. M. HansteenMay 23

Yes, this happened:

May 23 09:54:39 skapet sshd-session[44948]: Failed password for invalid user root/1234567 from 109.248.231.249 port 52134 ssh2

Must have worked *somewhere* at least *once*, right?

#cybercrime #ssh #passwordgroping #passwordguessing #morons #scriptkiddies

Peter N. M. HansteenMay 20

Oh, so somebot thought this would work:

May 20 04:04:16 portal sshd-session[90553]: Failed password for invalid user $ from 23.94.213.157 port 41886 ssh2

#ssh #passwordgroping #botnets #bots #cybercrime

Peter N. M. HansteenApr 9

yes, this happened:

Apr 8 23:46:59 skapet sshd-session[69515]: Failed none for invalid user Can't locate List/Util.pm in @INC (you may need to install the List from 175.199.67.164 port 51226 ssh2

(and several times more, of course)
#ssh #bot #botnet #passwordgroping #passwordguessing #sshgropers #cybercrime #security

Background: "Badness, Enumerated by Robots" https://nxdomain.no/~peter/badness_enumerated_by_robots.html and links therein

Badness, Enumerated by Robots

Peter N. M. HansteenFeb 23
A mention elsewhere of the insufferable ssh password guessers has me reprise my "The Hail Mary Cloud and the Lessons Learned" https://nxdomain.no/~peter/hailmary_lessons_learned.html piece, with a note added at the end about endlessh as a possible refinement (yes, I use it) #ssh #passwords #passwordguessing #passwordgroping #endlessh #openbsd #freebsd #pf #packetfilter #security #cybercrime
The Hail Mary Cloud And The Lessons Learned

Peter N. M. HansteenFeb 17

Over at LinkedIn, somebody posted the results of putting a Linux server with sshd exposted to the internet for 30 days recently.

In that particular area, not much seems to have changed since the early years of this century when the events chronicled here https://nxdomain.no/~peter/hailmary_lessons_learned.html (or if you prefer Big G's trackers, https://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html) occurred.

#ssh #passwordguessing #rootlogin #weakspaswords #passwordgroping #cybercrime

The Hail Mary Cloud And The Lessons Learned

Peter N. M. HansteenDec 24
Possibly not blogworthy, but: One puzzling side effect of running greytrapping (as chronicled in https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html) is seeing the uptick in password guessing using even the obviously generated gibberish local parts, and the sheer volume of tries (see https://nxdomain.no/~peter/should_i_stop_caring_and_let_ip_reputation_sort_them_out.html and links therein). #greytrapping #passwordguessing #passwordgroping #spamd #ssh #pop3gropers
Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off?

Peter N. M. HansteenDec 6, 2025
This is what a #bugbounty hunt looks like, right? https://nxdomain.no/~peter/20251206_bugbounnty_hunter_at_work.txt #securityresearch #scriptkiddies #morons #wordpress #passwordgroping
Peter N. M. HansteenOct 9, 2025

Hm. Over at the facesite I commented on a post about #bruteforce attacks on a commercial network product with a link to https://nxdomain.no/~peter/badness_enumerated_by_robots.html, and got a followup asking whether I have bruteforce protection "in front of" my ssh servers.

And this only hours after I scared the cat by LOL from seeing that the #pop3gropers are actively trying the local parts of my freshly random spamtraps (see https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html a bit down the page). #passwordgroping #cybercrime

Badness, Enumerated by Robots

Show threadPeter N. M. HansteenOct 4, 2025
On a similar note, idle minds might wonder what "luax" is - log excerpt https://nxdomain.no/~peter/who_or_what_is_luax.txt #luax #ssh #sshgropers #passwordgroping #passwordguessing #cybercrime #security #bots