Mailinglist Archive: opensuse-security (332 mails)

< Previous Next >
SSH password attacks
  • From: suse@xxxxxx
  • Date: Mon, 20 Sep 2004 11:40:23 -0400
  • Message-id: <20040920114023.dr40cogogg044sgo@xxxxxx>
This may not be strictly SuSE related, but what the heck: Lately, I've been
getting tons of attempts to login via ssh for "guest", "test", "user", and
"admin". Plenty others for root, and even one that seemed to have been a list
of some script kiddie's /etc/passwd. The root ones are pretty obvious and
always blocked, but I've found the others rather curious.

Does anyone running a unix server really use "guest", "test", "user", or "admin"
as real accounts? Judging by the volume of attempts I'm getting, there has to
be something causing this. Was a borked version of ssh server released for
windows, or something? Or is this trying to connect to zombie machines? From
what I understand, ssh server isn't common on windows, and those accounts
certainly aren't common to unix... Anyone know what's going on here?

(I'm not worried about my machines, root is blocked by sshd and I don't have the
other accounts, I'm just curious.)

< Previous Next >