I’ve recently set up a honeypot tool called Kippo, Kippo runs a virtual SSH environment and tracks all the SSH bruteforce attemps on our Server. We started the test on third of November and got about 4000 bruteforce attempts on our Server, what is remarkable here is that almost all of the logins came from servers based in china.
Our research showed that almost all the attacking machines run the Windows IIS Webserver, we are currently not sure wether those machines are zombies (hacked machines with the aim to hack other machines) or if those servers are explicitly designed to attack wide ranges. Till today we’ve collected about 2500 distinct Username/Password combinations,
the Top 10 List of combinations is below:
I collected some charts of the latest attack trends if you want to find out more, have a look at honey.it-securityguard.com
We will keep you up to date with the latest trends of our analysis,
hope you enjoyed!
All the best