The Hacker Voice Community Forums: 6 Months of SSH attacks - The Hacker Voice Community Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

6 Months of SSH attacks Rate Topic: -----

#1 User is offline   NaPsTeR 

  • Nappy
  • Group: THV Members
  • Posts: 215
  • Joined: 09-September 05
  • Gender:Male
  • Location:/root/
  • Operating System:Backtrack == Slax
  • Ninja or Pirate?:Ninja

Posted 02 July 2012 - 01:44 AM

NaPsTeR's SSH Summary
Total Attacks:
408987

Usernames
 141054 root
   5095 test
   3506 admin
   3080 oracle
   2534 bin
   1978 nagios
   1886 user
   1732 guest
   1583 mysql
   1472 postgres
   1300 tomcat
   1243 web
   1200 www
   1109 tester
   1017 backup
    925 testing
    914 webmaster
    906 support
    878 test1
    878 alex
    864 info
    836 temp
    832 ftp
    778 test2
    692 apache
    676 student
    674 ftpuser
    655 a
    630 upload
    587 testuser
    577 prueba
    537 webadmin
    511 michael
    497 teamspeak
    445 sales
    445 david
    427 demo
    419 cyrus
    416 linux
    414 postfix
    407 paul
    400 abc
    399 mail
    394 nobody
    374 amanda
    369 news
    362 adm
    360 george
    356 administrator
    353 toor
Unique Usernames:
37115

Passwords
  12398 123456
   6583 password
   4701 1234
   4056 12345
   3723 123
   2628 abc123
   2624 test
   1993 a
   1693 qwerty
   1571 1
   1185 12
   1183 test123
   1097 changeme
   1021 1qaz2wsx
    938 root
    825 12345678
    787 1234567
    746 1q2w3e
    700 abcd1234
    688 oracle
    662 123456789
    639 123qwe
    630 111111
    609 1q2w3e4r
    559 p@ssw0rd
    553 redhat
    536 pass
    536 admin
    510 123123
    492 linux
    476 master
    469 postgres
    467 user
    452 root123
    417 1qazxsw2
    405 mysql
    387 qazwsx
    373 P@ssw0rd
    368 zaq12wsx
    368 654321
    362 qwe123
    362 admin123
    360 apache
    358 passw0rd
    351 letmein
    344 passwd
    337 tester
    336 asdf1234
    335 asdfgh
    334 iamhacker22
Unique Passwords:
75644

User/Password Combo
   1074 root:123456
    625 root:password
    507 oracle:oracle
    477 root:qwerty
    477 root:111111
    471 root:root
    465 test:test
    459 root:abc123
    457 root:1q2w3e
    436 root:1234
    432 root:redhat
    425 root:root123
    402 postgres:postgres
    354 root:p@ssw0rd
    349 root:1qaz2wsx
    348 root:passw0rd
    342 root:12345
    337 root:123
    335 root:1q2w3e4r
    309 root:12345678
    298 mysql:mysql
    291 root:abcd1234
    285 root:123456789
    267 test:test123
    265 root:654321
    261 nagios:nagios
    251 root:master
    246 root:rootroot
    244 user:user
    244 root:q1w2e3r4
    244 root:pa55w0rd
    241 guest:guest
    238 alex:alex
    237 root:123123
    237 michael:michael
    229 info:info
    223 root:test
    221 apache:apache
    215 web:web
    214 test:123456
    213 root:1qaz2wsx3edc
    213 root:1234567
    212 root:7hur@y@t3am$#@!(*(
    208 linux:linux
    204 root:linux
    199 root:changeme
    197 root:1
    195 admin:admin
    193 root:passwd
    192 root:1q2w3e4r5t
Unique Combos:
108615

Remote SSH Version
      1 SSH-1.99-SSH-2.0-OpenSSH_3.8.1p1
      1 SSH-1.99-SSH-2.0-OpenSSH_4.7p1
      1 SSH-2.0-OpenSSH_3.8p1
      1 SSH-2.0-OpenSSH_4.3p2
      1 SSH-2.0-OpenSSH_5.4
      1 SSH-2.0-OpenSSH_5.6
      1 SSH-2.0-OpenSSH_5.8p1
      1 SSH-2.0-OpenSSH_5.8p1-hpn13v11
      1 SSH-2.0-PuTTY-Release-0.56
      1 SSH-2.0-PuTTY_Snapshot_2011_06_07:r9169
      1 SSH-2.0-PuTTY_Snapshot_2011_07_13:r9206
      1 SSH-2.0-TrileadSSH2Java_213
      1 SSH-2.0-WinSCP_release_4.2.9
      1 SSH-2.0-WinSCP_release_4.3.8
      1 SSH-2.0-dropbear_0.53.1
      1 SSH-2.0-dropbear_2011.54
      2 SSH-2.0-OpenSSH_4.3
      2 SSH-2.0-OpenSSH_5.5p1
      2 SSH-2.0-PuTTY-Release-0.57
      2 SSH-2.0-PuTTY_Snapshot_2011_10_01:r9309
      2 SSH-2.0-WinSCP_release_4.3.2
      2 SSH-2.0-WinSCP_release_4.3.5
      2 SSH-2.0-libssh2_1.4.1
      3 SSH-2.0-OpenSSH_./inst:
      3 SSH-2.0-OpenSSH_5.3p1
      3 SSH-2.0-PuTTY-Release-0.54
      3 SSH-2.0-PuTTY_Snapshot_2012_03_09:r9427
      3 SSH-2.0-WinSCP_release_4.3.3
      3 SSH-2.0-WinSCP_release_5.0.7
      4 SSH-2.0-OpenSSH_5.1p1
      4 SSH-2.0-dropbear_0.52
      4 SSH-2.0-libssh-0.4.8
      4 SSH-2.0-libssh2_1.4.0
      5 SSH-2.0-PuTTY_Prerelease_0.62:r9366
      6 SSH-2.0-OpenSSH_5.3
      6 SSH-2.0-dropbear_0.51
      7 SSH-2.0-PuTTY_Snapshot_2010_04_07:r8911
      8 SSH-2.0-1.90
      8 SSH-2.0-PuTTY_Local:_Jan__8_2012_14:40:35
      9 SSH-2.0-PuTTY_Release_0.58
     16 SSH-2.0-Erics_TelNet98_v15_1_SSH_Build_6426
     16 SSH-2.0-dropbear_0.47
     33 SSH-2.0-WinSCP_release_4.3.7
     52 SSH-2.0-PuTTY_Release_0.61
     98 SSH-2.0-libssh2_1.2.6
    121 SSH-2.0-PuTTY_Release_0.60
    215 SSH-2.0-PuTTY_Release_0.62
    533 SSH-2.0-libssh2_1.0
   8002 SSH-2.0-libssh-0.11
  15999 SSH-2.0-libssh-0.2
Unique SSH Versions:
51

Attackers
  17761 223.224.43.246
  17286 203.92.42.6
  15926 190.145.98.179
  15098 123.30.179.233
  12396 221.174.50.146
  11864 116.229.239.242
   8589 59.52.97.130
   7586 212.49.167.154
   6675 223.4.25.54
   6594 207.20.41.136
   6218 61.152.223.194
   5810 89.238.66.122
   5788 202.89.109.143
   5512 92.87.29.133
   4860 96.44.146.59
   4725 173.203.199.145
   4723 173.45.97.98
   4722 27.122.59.102
   4713 68.114.168.45
   3950 110.45.158.214
   3444 220.165.5.7
   3151 117.55.235.10
   3110 98.142.2.22
   3103 222.173.37.171
   3076 58.56.77.57
   2948 59.37.173.69
   2844 213.139.44.166
   2807 213.243.116.99
   2778 184.107.185.90
   2688 206.132.180.96
   2679 200.156.127.50
   2667 175.203.96.109
   2634 213.148.0.237
   2561 176.53.60.3
   2554 223.202.16.6
   2538 202.121.166.203
   2516 202.29.239.177
   2515 217.98.89.20
   2511 89.140.136.75
   2470 222.122.52.150
   2432 80.67.12.212
   2355 85.9.66.17
   2273 206.174.207.195
   2264 220.181.120.166
   2149 92.48.71.75
   2147 202.112.31.17
   1994 72.252.2.236
   1901 115.238.55.166
   1890 91.93.35.68
   1887 69.64.75.136
Unique Attackers:
1177


Login attempt by month
Jan - 26913
Feb - 40938
Mar - 85137
Apr - 122434
May - 59233
Jun - 74332
Graph

Top 50 Commands
Clicky

Switchlink Specific(Well IPs that mentioned Switchlink)
Total Attacks:
502

Usernames
     20 webmaster
     14 admin
     12 user
     12 test2
     12 test
     12 switchlink
     12 root
     12 no-rdns
     12 mysql
     12 co
      8 yildiz
      8 www
      8 webalizer
      8 testing
      8 test1
      8 system
      8 sync
      8 squid
      8 smtp
      8 rob
      8 radio
      8 preeti
      8 postgres
      8 operator
      8 news
      8 netdump
      8 net
      8 named
      8 mwamono
      8 marie
      8 lazer
      8 kellym
      8 host
      8 guest
      8 graphics
      8 gopher
      8 games
      8 ftpuser
      8 ftp
      8 famins
      8 exim
      8 evidare
      8 easypwn
      8 dorigo
      8 david
      8 backup
      8 avahi
      8 autoclub
      8 apache
      8 alfa
Unique Usernames:
59

Passwords
    121 switchlink
    118 no-rdns
    117 no-rdns.switchlink
    116 switchlink.co
      9 password
      9 123456
      3 switchlink1
      3 no-rdns1
      3 co1
      3 co
Unique Passwords:
10

Attackers
    223 122.227.135.92
    221 89.189.215.128
     56 77.34.201.146
      2 84.45.38.216
Unique Attackers:
4


Attached:
Attached File  Usernames.txt (408.46K)
Number of downloads: 0
Attached File  Passwords.txt (884.1K)
Number of downloads: 0
Attached File  Combo.txt (2.05MB)
Number of downloads: 0
Attached File  Attackers.txt (25.79K)
Number of downloads: 0
Attached File  Files Downloaded.txt (4.06K)
Number of downloads: 0 - Download with caution
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users