[Research] SSH Honeypot (honey.it-securityguard.com)

Dear followers,

I’ve recently set up a honeypot tool called Kippo. Kippo runs a virtual SSH environment and tracks all the SSH brute-force attempts on our server. We started the test on the third of November and got about 4000 brute-force attempts on our server. What is remarkable here is that almost all of the logins came from servers based in China.

Our research showed that almost all the attacking machines run the Windows IIS web server. We are currently not sure whether those machines are zombies (hacked machines with the aim to hack other machines) or if those servers are explicitly designed to attack wide ranges. Until today we’ve collected about 2500 distinct username/password combinations.

The Top 10 list of combinations is below:

 Username, Password
admin,[email protected]
admin,[email protected]
admin,[email protected]#
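
Added example (not part of the original post, and not Kippo's own code): one way to derive the attempt count, the distinct username/password combinations and a top-N list from a Kippo text log. The log line shape in the comment is an assumption about the honeypot's logging, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed Kippo log line shape for an authentication attempt:
# <timestamp> [SSHService ssh-userauth on HoneyPotTransport,<session>,<src ip>] login attempt [<user>/<pass>] failed
LOGIN_RE = re.compile(
    r"HoneyPotTransport,\d+,(?P<ip>[0-9a-fA-F.:]+)\]\s+"
    r"login attempt \[(?P<cred>.*)\] (?:failed|succeeded)\s*$"
)

def parse_attempts(lines):
    """Yield (source_ip, username, password) for every login-attempt line."""
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # connection notices, key exchange and other noise
        # Split on the first '/' only: a password may itself contain '/' or ']'.
        user, _, password = m.group("cred").partition("/")
        yield m.group("ip"), user, password

def summarize(lines, top_n=10):
    """Count attempts, distinct combinations, and the most frequent ones."""
    combos, sources = Counter(), Counter()
    for ip, user, password in parse_attempts(lines):
        combos[(user, password)] += 1
        sources[ip] += 1
    return {
        "attempts": sum(combos.values()),
        "distinct_combos": len(combos),
        "top_combos": combos.most_common(top_n),
        "top_sources": sources.most_common(top_n),
    }

# Constructed sample log (documentation IP ranges, made-up credentials).
SAMPLE_LOG = """\
2013-11-03 10:15:20+0100 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 203.0.113.5:40211 (192.0.2.10:2222) [session: 12]
2013-11-03 10:15:22+0100 [SSHService ssh-userauth on HoneyPotTransport,12,203.0.113.5] login attempt [root/123456] failed
2013-11-03 10:15:24+0100 [SSHService ssh-userauth on HoneyPotTransport,12,203.0.113.5] login attempt [admin/admin] failed
2013-11-03 10:16:01+0100 [SSHService ssh-userauth on HoneyPotTransport,13,198.51.100.7] login attempt [root/123456] failed
2013-11-03 10:16:03+0100 [SSHService ssh-userauth on HoneyPotTransport,13,198.51.100.7] login attempt [admin/pa/ss]word] failed
2013-11-03 10:17:40+0100 [SSHService ssh-userauth on HoneyPotTransport,14,203.0.113.5] login attempt [root/123456] succeeded
""".splitlines()

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["attempts"], "attempts,", report["distinct_combos"], "distinct combinations")
    for (user, password), count in report["top_combos"]:
        print(f"{count:5d}  {user},{password}")
```

A username containing `/` cannot be separated from its password in this log shape, so such lines are attributed to the text before the first `/`.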

I collected some charts of the latest attack trends. If you want to find out more, have a look at honey.it-securityguard.com


[Charts: connections per country (pie), connections per IP (geo), connections per IP (geo, pie)]


We will keep you up to date with the latest trends of our analysis,

hope you enjoyed!

All the best