auth.log noise
Below are the top 50 login names when trying to gain access to this web server over the last 4 weeks
| Name | Attempts |
|---|---|
| root | 3273 |
| admin | 119 |
| test | 110 |
| mysql | 44 |
| guest | 41 |
| user | 37 |
| oracle | 37 |
| temp | 25 |
| sales | 24 |
| info | 21 |
| webmaster | 21 |
| postgres | 21 |
| dan | 18 |
| robert | 18 |
| student | 17 |
| ftpuser | 17 |
| ftp | 17 |
| richard | 16 |
| apache | 16 |
| web | 15 |
| adm | 15 |
| webadmin | 15 |
| john | 15 |
| paul | 15 |
| office | 15 |
| tony | 14 |
| james | 14 |
| postfix | 13 |
| michael | 13 |
| alex | 13 |
| david | 13 |
| amanda | 13 |
| adam | 12 |
| mike | 12 |
| staff | 12 |
| steven | 12 |
| recruit | 12 |
| jeff | 12 |
| pgsql | 12 |
| library | 12 |
| username | 12 |
| frank | 12 |
| susan | 11 |
| cyrus | 11 |
| dave | 11 |
| gast | 10 |
| postmaster | 10 |
| nagios | 10 |
| martin | 10 |
| admins | 10 |
Note: No external connections are allowed to log in as root (of course)
Note2: After 5 failed login attempt, the IP address is temporary banned (fail2ban)
July 7th, 2008 at 9:16 pm
That’s odd. The 2501 times I tried to log in as “jurgen” weren’t recorded at all.