server hacking attempts: a fact of life

Its a fact of life that any server on the Internet gets hack attempts. I have several scripts that regularly monitor such attempts, and silently blackhole such things. For obvious reasons, I won’t discuss them here. If you are curious, email me directly.

The amusing thing is the names these script kiddies try to log in under. Now “root” and “admin” make sense, as do common names like “mike” and “alex”.

But WTF is up with some of these? “Fluffy”? “PlcmSplp”? Seriously?

Edit: I should have googled it first. Turns out that “PlcmSplp” is the default username for a provisioning a Polycom phone via ftp: Polycom Phone Provisioning with AstLinux

Jul 5 20:31:10 node1 sshd[24358]: input_userauth_request: invalid user eaguilar
Jul 5 20:31:19 node1 sshd[24392]: input_userauth_request: invalid user payala
Jul 5 20:31:24 node1 sshd[24409]: input_userauth_request: invalid user estudiante
Jul 5 20:31:27 node1 sshd[24426]: input_userauth_request: invalid user alex
Jul 6 21:45:32 node1 sshd[32092]: input_userauth_request: invalid user apple
Jul 6 21:45:36 node1 sshd[32109]: input_userauth_request: invalid user magazine
Jul 6 21:45:40 node1 sshd[32126]: input_userauth_request: invalid user sophia
Jul 6 23:20:36 node1 sshd[32610]: input_userauth_request: invalid user mike
Jul 6 23:20:40 node1 sshd[32627]: input_userauth_request: invalid user mike
Jul 6 23:20:45 node1 sshd[32644]: input_userauth_request: invalid user PlcmSpIp
Jul 6 23:20:50 node1 sshd[32661]: input_userauth_request: invalid user test
Jul 8 15:02:39 node1 sshd[12183]: input_userauth_request: invalid user fluffy
Jul 8 15:02:43 node1 sshd[12200]: input_userauth_request: invalid user admin
Jul 8 15:02:47 node1 sshd[12217]: input_userauth_request: invalid user test