Top 10 usernames used in SSH brute force
As a follow-up to yesterday's post, I thought it would be interesting to see statistics on the usernames used in those brute-force probes. Below is an awk/sed script that extracts the usernames from failed SSH login attempts logged by the OpenSSH daemon and sorts them by frequency. I also attach the list of usernames I got from my server; the full list can be found at the end.
The script:
```bash
awk '/Failed password for/ ' /var/log/secure* | sed 's/.* \([[:print:]]\+\) from .*/ \1 /g ' | sort | uniq -c | sort -n -k1
```
And the winners are:
Table: top 10 usernames used in real cracking attempts on the SSH service
Username | Number of times seen |
---|---|
mysql | 232 |
info | 252 |
postgres | 317 |
guest | 435 |
nagios | 452 |
user | 459 |
oracle | 598 |
admin | 884 |
test | 1017 |
root | 22058 |
Full list of the usernames: Usernames.log
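An added example, not part of the original post: the one-liner above keeps only the token before the last ` from `, so a client-chosen username containing spaces is miscounted, and it does not show whether sshd logged the name as `invalid user`. This variant anchors on the fixed end of the log line and keeps that distinction; the function name and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Counts failed SSH password
# attempts per username from sshd log lines on stdin and labels each name
# "invalid" (sshd logged it as "invalid user") or "valid" (it did not).
failed_ssh_users() {
    awk '
    {
        # Only sshd password failures; skip everything else.
        if (!match($0, /sshd\[[0-9]+\]: Failed password for /)) next
        rest = substr($0, RSTART + RLENGTH)
        kind = "valid"
        if (sub(/^invalid user /, "", rest)) kind = "invalid"
        # The username is chosen by the remote client and may itself contain
        # spaces or " from ", so strip the fixed tail sshd appends, anchored
        # at end of line, rather than splitting on the first or last " from ".
        if (!sub(/ from [^ ]+ port [0-9]+ [^ ]+$/, "", rest)) next
        count[kind " " rest]++
    }
    END { for (k in count) print count[k], k }' | sort -n -k1,1
}

# Constructed sample lines (documentation-range addresses, made-up host).
SAMPLE_LOG='Mar  3 10:00:01 host sshd[1001]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar  3 10:00:02 host sshd[1002]: Failed password for root from 192.0.2.10 port 40002 ssh2
Mar  3 10:00:03 host sshd[1003]: Failed password for invalid user admin from 198.51.100.7 port 51000 ssh2
Mar  3 10:00:04 host sshd[1004]: Failed password for invalid user x from 203.0.113.9 from 198.51.100.7 port 51001 ssh2
Mar  3 10:00:05 host sshd[1005]: Accepted password for alice from 192.0.2.20 port 40003 ssh2
Mar  3 10:00:06 host sshd[1006]: Failed password for root from 192.0.2.11 port 40004 ssh2'

# Prints one "count kind username" line per distinct name, ascending by count.
printf '%s\n' "$SAMPLE_LOG" | failed_ssh_users
```

On a real host, feed it the same files the original script reads, for example `cat /var/log/secure* | failed_ssh_users`. Failures logged without `invalid user` are the ones worth reviewing first, since those names passed sshd's user check.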
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.