[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] SSH password attacks

This may not be strictly SuSE related, but what the heck: Lately, I've been
getting tons of attempts to login via ssh for "guest", "test", "user", and
"admin".  Plenty others for root, and even one that seemed to have been a list
of some script kiddie's /etc/passwd.  The root ones are pretty obvious and
always blocked, but I've found the others rather curious.

Does anyone running a unix server really use "guest", "test", "user", or "admin"
as real accounts?  Judging by the volume of attempts I'm getting, there has to
be something causing this.  Was a borked version of ssh server released for
windows, or something?  Or is this trying to connect to zombie machines?  From
what I understand, ssh server isn't common on windows, and those accounts
certainly aren't common to unix...  Anyone know what's going on here?

(I'm not worried about my machines, root is blocked by sshd and I don't have the
other accounts, I'm just curious.)

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here