A kiddie and their script, part N of N!

Mar 9 17:54:52 skapet sshd-session[97161]: Failed password for invalid user %company% from 20.83.3.189 port 17677 ssh2

#scriptkiddies #sshgropers #passwordguessing #cybercrime #ssh #security

And if you need some reading material, https://nxdomain.no/~peter/hailmary_lessons_learned.html (or g-tracked https://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html)

The Hail Mary Cloud And The Lessons Learned

I've heard of one-LETTER user names before, but trying ' as a user name takes a very special kind of ... something.

Jul 23 07:45:42 skapet sshd-session[12400]: Failed password for invalid user ' from 161.132.40.50 port 41338 ssh2

#sshgropers #cybercrime #cyberfail #passwordgropers #passwordguessing

Should I Stop Caring and Let IP Address Reputation Sort Them Out? https://nxdomain.no/~peter/should_i_stop_caring_and_let_ip_reputation_sort_them_out.html

How long does data on misbehaving hosts on the Internet stay relevant in an IP Address Reputation context?

Link to poll within (on for a week, 4 days left, please *do* vote).

#security #passwordguessing #antispam #sshgropers #pop3gropers #blacklists #blocklists #bruteforcers #spam #cybercrime #ipreputation

(repost for the CET-ish crowd, some still in holiday mode, and with graphics of sorts added)

I wonder what happened here:

May 29 05:19:33 portal sshd-session[12463]: Failed password for invalid user ^ from 196.251.89.193 port 38538 ssh2

no prizes, just puzzled

#ssh #passwordgroping #cybercrime #sshgropers

It will not be a surprise that the overnight haul of new groped-for user IDs today included, almost #hailmary style, a bunch of vaguely #cryptocurrencly related ones, https://nxdomain.no/~peter/tuliptraders.txt, log extract https://nxdomain.no/~peter/tuliptraders-sshlog.txt. Do #cryptptulipcookers actually run as users with passwords anywhere?

Of course all of those are in the list of imaginary friends, see https://nxdomain.no/~peter/hailmary_lessons_learned.html and https://nxdomain.no/~peter/badness_enumerated_by_robots.html for background. #sshgropers #passwordguessing #cryptotulips #scams #cybercrime

So this happened:

Jan 30 03:07:16 skapet sshd-session[94311]: Failed password for invalid user "> from 165.231.182.56 port 15613 ssh2

I wonder if we are seeing a variant of "gropefor database down, feeding raw html to the ssh gropebot" scenario again such as in https://nxdomain.no/~peter/so_somebody_is_throwing_html_at_your_sshd.html #sshgropers #sshd #passwordguessing #passwordgroping #passwords #cybercrime

So somebody is throwing HTML at your sshd. What to do?

Friday night follies included several attempts from [email protected] to deliver spam to one of the imaginary friends at https://nxdomain.no/~peter/traplist.shtml as well as somebot attempting to ssh in as user <space>, which for #shell reasons will not be able to join the 500k+ #spamtraps

All while you were sleeping. #spamd #cybercrime #antispam #sshgropers #passwordguessing

bsdly.net - A traplist collected by Peter Hansteen

Another one for the #ssh #password #groper #blooper reel:

Nov 4 15:24:12 portal sshd-session[16361]: Failed password for invalid user user1!2@3#4$ from 185.11.61.88 port 40254 ssh2

#sshgropers #passwordguessing #cybercrime

(also to be added posthaste, with a domain appended, to the list of imaginary friends at https://nxdomain.no/~peter/traplist.shtml) #spamtraps

As far as we can tell,

Nov 2 10:13:18 skapet sshd-session[52030]: Failed password for invalid user galadriel from 201.249.89.102 port 57834 ssh2

Galadriel lives in Venezuela now #sshgropers #ssh #passwordguesssing #passwordgropers #bot #botnet #cybercrime #lotr #notlotr #elves #notelves
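
An added example, not code from the posts above or from the author's own tooling: a log parser that pulls groped-for user names out of sshd "Failed password for invalid user" lines even when the name is a quote, HTML debris or a bare space, and turns the usable ones into spamtrap candidates. The `traps.example` domain, the sample lines (documentation addresses) and the rule for rejecting names are assumptions.

```python
import re
from collections import Counter

# Anchor on the fixed tail (" from <addr> port <n> ssh2") so that user names
# containing spaces, quotes or even the word "from" are captured whole.
FAILED = re.compile(
    r"sshd(?:-session)?\[\d+\]: Failed password for invalid user "
    r"(?P<user>.*) from (?P<addr>\S+) port (?P<port>\d+) ssh2$"
)
TRAP_DOMAIN = "traps.example"  # placeholder domain (assumption)

def parse(line):
    """Return (user, addr) for a failed invalid-user attempt, else None."""
    m = FAILED.search(line.rstrip("\n"))
    return (m["user"], m["addr"]) if m else None

def trap_address(user, domain=TRAP_DOMAIN):
    """Append the domain; return None for names that are empty or contain
    whitespace/control characters (assumed rule, cf. the <space> case)."""
    if not user or any(c.isspace() or not c.isprintable() for c in user):
        return None
    return f"{user}@{domain}"

def summarize(lines):
    """Collect spamtrap candidates, rejected names and per-source counts."""
    traps, rejected, sources = set(), set(), Counter()
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue  # not a failed invalid-user line
        user, addr = hit
        sources[addr] += 1
        trap = trap_address(user)
        if trap:
            traps.add(trap)
        else:
            rejected.add(user)
    return traps, rejected, sources

def _line(user, addr):
    return ("Jan 30 03:07:16 host sshd-session[4242]: Failed password "
            f"for invalid user {user} from {addr} port 40254 ssh2")

# Constructed sample input, modelled on the log format quoted in the posts.
SAMPLE = [_line(u, a) for u, a in [
    ("'", "192.0.2.10"), ('">', "192.0.2.10"), ("user1!2@3#4$", "198.51.100.7"),
    (" ", "198.51.100.7"), ("a from b", "203.0.113.9")]]
SAMPLE.append("Jan 30 03:08:00 host sshd-session[4243]: "
              "Accepted publickey for alice from 192.0.2.99 port 50000 ssh2")
```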