Highest used usernames in break-in attempts to my servers 2019
A few days ago, I wrote about different IP addresses trying to break into my servers. Today, I looked into another server to find the frequently used user names used in the SSH attempts.
- admin 36228
- test 19249
- user 17164
- ubuntu 16233
- postgres 16217
- oracle 9738
- git 8118
- ftpuser 7028
- teamspea 6560
- mysql 5650
- nagios 5599
- pi 5239
- deploy 5167
- hadoop 5011
- guest 4798
- dev 4468
- ts3 4277
- minecraf 4145
- support 3940
- ubnt 3549
- debian 3515
- demo 3489
- tomcat 3435
- vagrant 3042
- zabbix 3033
- jenkins 3027
- develope 2941
- sinusbot 2914
- user1 2898
- administ 2747
- bot 2590
- testuser 2459
- ts 2403
- apache 2391
- www 2329
- default 2293
- odoo 2168
- test2 2161
- backup 2133
- steam 2129
- 1234 2026
- server 1890
- www-data 1853
- web 1850
- centos 1796
- vnc 1783
- csgoserv 1715
- prueba 1677
- test1 1648
- a 1581
- student 1568
- csgo 1524
- weblogic 1522
- ts3bot 1521
- mc 1434
- gpadmin 1427
- redhat 1378
- alex 1375
- system 1362
- manager 1359
I never knew that admin is such important user name for Linux servers, I thought I will see root there. Also, why alex? I can understand the reason behind pi. If you want to find out the similar details, you can use the following command.
last -f /var/log/btmp