yes, friends, this happened:

Apr 18 11:42:19 byteheap sshd-session[51555]: Failed keyboard-interactive/pam for invalid user mymagicpass228 from 178.20.210.185 port 10858 ssh2

#ssh #passwordguessers #passwordgropers #sshgropers #cybercrime #morons #groperbots #scriptkiddies

yes, this happened:

Apr 8 23:46:59 skapet sshd-session[69515]: Failed none for invalid user Can't locate List/Util.pm in @INC (you may need to install the List from 175.199.67.164 port 51226 ssh2

(and several times more, of course)
#ssh #bot #botnet #passwordgroping #passwordguessing #sshgropers #cybercrime #security

Background: "Badness, Enumerated by Robots" https://nxdomain.no/~peter/badness_enumerated_by_robots.html and links therein

A kiddie and their script, part N of N!

Mar 9 17:54:52 skapet sshd-session[97161]: Failed password for invalid user %company% from 20.83.3.189 port 17677 ssh2

#scriptkiddies #sshgropers #passwordguessing #cybercrime #ssh #security

And if you need some reading material, https://nxdomain.no/~peter/hailmary_lessons_learned.html (or g-tracked https://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html)

The Hail Mary Cloud And The Lessons Learned

I've heard of one-LETTER user names before, but trying ' as a user name takes a very special kind of ... something.

Jul 23 07:45:42 skapet sshd-session[12400]: Failed password for invalid user ' from 161.132.40.50 port 41338 ssh2

#sshgropers #cybercrime #cyberfail #passwordgropers #passwordguessing

Should I Stop Caring and Let IP Address Reputation Sort Them Out? https://nxdomain.no/~peter/should_i_stop_caring_and_let_ip_reputation_sort_them_out.html

How long does data on misbehaving hosts on the Internet stay relevant in an IP Address Reputation context?

Link to poll within (on for a week, 4 days left, please *do* vote).

#security #passwordguessing #antispam #sshgropers #pop3gropers #blacklists #blocklists #bruteforcers #spam #cybercrime #ipreputation

(repost for the CET-ish crowd, some still in holiday mode, and with graphics of sorts added)

I wonder what happened here:

May 29 05:19:33 portal sshd-session[12463]: Failed password for invalid user ^ from 196.251.89.193 port 38538 ssh2

no prizes, just puzzled

#ssh #passwordgroping #cybercrime #sshgropers

It will not be a surprise that the overnight haul of new groped-for user IDs today included, almost #hailmary style, a bunch of vaguely #cryptocurrency related ones, https://nxdomain.no/~peter/tuliptraders.txt, log extract https://nxdomain.no/~peter/tuliptraders-sshlog.txt. Do #cryptotulipcookers actually run as users with passwords anywhere?

Of course all of those are in the list of imaginary friends, see https://nxdomain.no/~peter/hailmary_lessons_learned.html and https://nxdomain.no/~peter/badness_enumerated_by_robots.html for background. #sshgropers #passwordguessing #cryptotulips #scams #cybercrime
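Added example, not part of the original posts and not the author's own tooling: one way to pull the groped-for user IDs out of sshd log lines like the ones quoted on this page, anchoring on the fixed tail of the line so that user names containing spaces, quotes or the word "from" come out intact. The function names and the constructed `SPOOFED` line (documentation-range addresses) are assumptions made for the illustration.

```python
import re

# Match the user name greedily and anchor on the fixed tail
# " from <addr> port <n> ssh2", so odd user names cannot shift the fields.
FAILED = re.compile(
    r"sshd(?:-session)?\[\d+\]: Failed (?P<method>\S+) for invalid user "
    r"(?P<user>.*) from (?P<addr>[0-9A-Fa-f:.]+) port (?P<port>\d+) ssh2$"
)

# Log lines quoted in the posts on this page.
PAGE_LINES = """\
Apr 18 11:42:19 byteheap sshd-session[51555]: Failed keyboard-interactive/pam for invalid user mymagicpass228 from 178.20.210.185 port 10858 ssh2
Apr 8 23:46:59 skapet sshd-session[69515]: Failed none for invalid user Can't locate List/Util.pm in @INC (you may need to install the List from 175.199.67.164 port 51226 ssh2
Mar 9 17:54:52 skapet sshd-session[97161]: Failed password for invalid user %company% from 20.83.3.189 port 17677 ssh2
Jul 23 07:45:42 skapet sshd-session[12400]: Failed password for invalid user ' from 161.132.40.50 port 41338 ssh2
May 29 05:19:33 portal sshd-session[12463]: Failed password for invalid user ^ from 196.251.89.193 port 38538 ssh2
Jan 30 03:07:16 skapet sshd-session[94311]: Failed password for invalid user "> from 165.231.182.56 port 15613 ssh2
""".splitlines()

# Constructed line: the user name itself imitates the tail of a log line.
# A parser that splits on the first " from " would record 192.0.2.1 as source.
SPOOFED = ("Jan 1 00:00:00 host sshd-session[1]: Failed password for invalid user "
           "admin from 192.0.2.1 port 22 ssh2 from 203.0.113.9 port 40000 ssh2")


def parse_line(line):
    """Return method, user, addr and port for a failed invalid-user line, else None."""
    m = FAILED.search(line.rstrip("\n"))
    return m.groupdict() if m else None


def harvest(lines):
    """Map each attempted user name to the set of source addresses that tried it."""
    seen = {}
    for line in lines:
        rec = parse_line(line)
        if rec:
            seen.setdefault(rec["user"], set()).add(rec["addr"])
    return seen


if __name__ == "__main__":
    # repr() keeps quotes, spaces and stray markup in user names visible.
    for user, addrs in harvest(PAGE_LINES + [SPOOFED]).items():
        print(f"{user!r:72} {sorted(addrs)}")
```
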

So this happened:

Jan 30 03:07:16 skapet sshd-session[94311]: Failed password for invalid user "> from 165.231.182.56 port 15613 ssh2

I wonder if we are seeing a variant of "gropefor database down, feeding raw html to the ssh gropebot" scenario again such as in https://nxdomain.no/~peter/so_somebody_is_throwing_html_at_your_sshd.html #sshgropers #sshd #passwordguessing #passwordgroping #passwords #cybercrime

So somebody is throwing HTML at your sshd. What to do?

Friday night follies included several attempts from [email protected] to deliver spam to one of the imaginary friends at https://nxdomain.no/~peter/traplist.shtml as well as somebot attempting to ssh in as user <space>, which for #shell reasons will not be able to join the 500k+ #spamtraps

All while you were sleeping. #spamd #cybercrime #antispam #sshgropers #passwordguessing

bsdly.net - A traplist collected by Peter Hansteen