A kiddie and their script, part N of N!
Mar 9 17:54:52 skapet sshd-session[97161]: Failed password for invalid user %company% from 20.83.3.189 port 17677 ssh2
#scriptkiddies #sshgropers #passwordguessing #cybercrime #ssh #security
And if you need some reading material […]
Friends,
It feels like it was in a different century, but at the beginning of the #russia-#ukraine full scale war I speculated that you could predict development in conflict based on the intensity of attempted #cyberattacks, see […]
A mention elsewhere of the insufferable ssh password guessers has me reprise my "The Hail Mary Cloud and the Lessons Learned" nxdomain.no/~peter/hailm... piece #ssh #passwords #passwordguessing #passwordgroping #endlessh #openbsd #freebsd #pf #packetfilter #security #cybercrime
A mention elsewhere of the insufferable ssh password guessers has me reprise my "The Hail Mary Cloud and the Lessons Learned" nxdomain.no/~peter/hailmary_lessons_... piece, with a not added at the end about endlessh as a possible refinement (yes, I use it) #ssh #passwords […]
Over at LinkedIn, somebody posted the results of putting a Linux server with sshd exposted to the internet for 30 days recently.
In that particular area, not much seems to have changed since the early years of this century when the events chronicled here […]
Possibly not blogworthy, but: One puzzling side effect of running greytrapping (as in nxdomain.no/~peter/eight...) is seeing password guessers using obviously generated gibberish local parts (see nxdomain.no/~peter/shoul...). #greytrapping #passwordguessing #passwordgroping #spamd #ssh #pop3gropers
On a similar note, idle minds might wonder what "luax" is - log excerpt https://nxdomain.no/~peter/who_or_what_is_luax.txt #luax #ssh #sshgropers #passwordgroping #passwordguessing #cybercrime #security
just got to love these:
Oct 4 00:04:31 portal sshd-session[37449]: Failed password for invalid user { from 114.111.54.188 port 49944 ssh2
#ssh #passwords #passwordguessing #passwordgroping #cybercrime #bots
Happy
'Logging in as users
"<"
and
">
day'
to all who celebrate!
Aug 11 12:48:53 freebeast sshd-session[32113]: Invalid user "<" from 46.246.3.247 port 36834
Aug 11 11:57:32 freebeast sshd-session[88]: Invalid user "> from 46.246.3.247 port 8731
#ssh #passwordgropers #cybercrime […]
Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? nxdomain.no/~peter/eight... (also bsdly.blogspot.com/2025/08/eigh...)
#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime
Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? nxdomain.no/~peter/eight... (tracked bsdly.blogspot.com/2025/08/eigh...)
#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking
I've heard of one-LETTER user names before, but trying ' as a user name takes a very special kind of ... something.
Jul 23 07:45:42 skapet sshd-session[12400]: Failed password for invalid user ' from 161.132.40.50 port 41338 ssh2
#sshgropers #cybercrime #cyberfail #passwordgropers […]
Should I Stop Caring and Let IP Address Reputation Sort Them Out? nxdomain.no/~peter/shoul...
How long does data stay relevant in an IP Address Reputation context?
#security #passwordguessing #antispam #sshgropers #pop3gropers #blacklists #blocklists #bruteforcers #spam #cybercrime #ipreputation
Should I Stop Caring and Let IP Address Reputation Sort Them Out? nxdomain.no/~peter/should_i_stop_car...
How long does data on misbehaving hosts on the Internet stay relevant in an P Address Reputation context?
#security #passwordguessing […]
Psychologists, please explain what happened here:
May 13 14:04:14 skapet sshd-session[88955]: Failed password for invalid user FAKESSH from 213.178.90.84 port 41918 ssh2
(nxdomain.no/~peter/hailm... + links therein *might* be relevant) #passwordgropers #ssh #passwordguessing #cybercrime #security
Psychologists may be able to explain what happened here:
May 13 14:04:14 skapet sshd-session[88955]: Failed password for invalid user FAKESSH from 213.178.90.84 port 41918 ssh2
(meh, nxdomain.no/~peter/hailmary_lessons_... and links therein *might* be relevant) […]
It will not be a surprise that the ovenight haul of new groped-for user IDs today included, almost #hailmary style, a bunch of vaguely #cryptocurrencly related ones, https://nxdomain.no/~peter/tuliptraders.txt log extract https://nxdomain.no/~peter/tuliptraders-sshlog.txt Do […]
So this happened:
Jan 30 03:07:16 skapet sshd-session[94311]: Failed password for invalid user "> from 165.231.182.56 port 15613 ssh2
Ilikely a variant of "gropefor database down" scenario as in nxdomain.no/~peter/so_so... #sshgropers #sshd #passwordguessing #passwordgroping #passwords #cybercrime
Some of my friends here will understand the pleasure of generating 1k public spamtraps of a pattern, then seeing the selfsame turn up soon after as things the passwords gropers try desperately for (drone???@somedomain.tld) #passwords #passwordgropers #passwordguessing #cybercrime #cyberscum
