Top 10 usernames used in SSH brute force

In continuation to yesterday’s post I thought it would be interesting to know statistics of the usernames used in those bruteforce probes. I thought and I did . Find below awk/sed script to get usernames for failed ssh login attempts and sort it for statistics and also list of the usernames I got from my server. The full list of usernames can be found at the end.
The script:

awk '/Failed password for/ ' /var/log/secure* | sed 's/.* \([[:print:]]\+\) from .*/ \1 /g ' | sort | uniq -c | sort -n -k1

And the winners are:

The table listing top 10 usernames used in real cracking attampts on SSH service
Username	Number of times seen
mysql	232
info	252
postgres	317
guest	435
nagios	452
user	459
oracle	598
admin	884
test	1017
root	22058

Full list of the usernames Usernames.log

Posted in Awk weekly, Linux.

2 comments

By Yuri – June 4, 2010

2 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

Continuing the Discussion

How to Set Up a Secure Web Tunnel | Hack In The Box linked to this post on June 4, 2010
[...] Top 10 usernames used in SSH brute force – yurisk.info [...]
Top 10 der Usernamen bei ssh Brute-Force-Attacken | harmes.de linked to this post on June 8, 2010
[...] http://yurisk.info/2010/06/04/top-10-usernames-used-in-ssh-brute-force/ [...]

« SSH brute force is on the rise How to choose the password that noone can guess and you cant remember »

Proudly powered by WordPress and Carrington.

Carrington Theme by Crowd Favorite

Top 10 usernames used in SSH brute force

2 Responses

Continuing the Discussion

Useful links

Tags

Top 10 usernames used in SSH brute force

2 Responses

Continuing the Discussion

Subscribe

Useful links

Tags