Just some ramblings from me about tech, the world and and everything. Mostly for me to remember how to stuff or how it really really was back when I did the stuff I maybe could like to remember.

Top 50 usernames used in the past 24 hours SSH break-in attemts

TLDR; Protect SSH logins on any (linux) server. Follow something like https://www.linode.com/docs/security/securing-your-server . I remove rootlogin,password and set only specific users in my /etc/ssh/sshd_config file. Fail2ban is also a very useful tool to have installed. And enable ufw as firewall.

So I have just started to look a bit closer to my logs on my vanilla Ubuntu 14.04 server on digital ocean. The logs reveals a steady stream of ssh login attempts. Last 24 hours with failed ssh logins.

I know this do not look like much but its my almost unused server. And its quite steady.

So here is the list of the used names:

Value % Count
root 11.36% 61
oracle 4.47% 24
test 4.10% 22
git 3.72% 20
nagios 3.35% 18
user 2.98% 16
admin 2.23% 12
toor 1.86% 10
jack 1.86% 10
students 1.49% 8
pi 1.49% 8
mysql 1.12% 6
john 1.12% 6
testuser 1.12% 6
alex 1.12% 6
ftpuser 1.12% 6
postgres 0.93% 5
dspang 0.74% 4
support 0.74% 4
user1 0.74% 4
student 0.74% 4
www 0.74% 4
info 0.74% 4
prueba 0.74% 4
test1 0.74% 4
vnc 0.74% 4
ubuntu 0.74% 4
teamspeak 0.74% 4
a 0.74% 4
davids 0.37% 2
dark 0.37% 2
daniel 0.37% 2
crimson 0.37% 2
contact 0.37% 2
cm8158 0.37% 2
cloud 0.37% 2
brown 0.37% 2
bpeddineni 0.37% 2
bnn 0.37% 2
database 0.37% 2
black 0.37% 2
av7112 0.37% 2
atendimento 0.37% 2
as6394 0.37% 2
as4246 0.37% 2
ana 0.37% 2
dd9127 0.37% 2
debian 0.37% 2
aaa 0.37% 2
bm3528 0.37% 2

Yeah

The the blog about absolutely nothing is back. Upgrade to last version of Ghost and postgres also meant dumping the old stuff. Maybe someday it will be back.

Yip