I have sshd running on my Linux box (Debian distro). The router routes all ssh requests to that box only. I was looking in my logs for some reason, and I saw the following in auth.log:
Jun 12 14:13:04 localhost sshd: Illegal user play from 188.8.131.52
Jun 12 14:13:05 localhost sshd: Illegal user open from 184.108.40.206
Jun 12 14:13:07 localhost sshd: Illegal user dulap from 220.127.116.11
Jun 12 14:13:09 localhost sshd: Illegal user if from 18.104.22.168
Jun 12 14:13:10 localhost sshd: Illegal user uk from 22.214.171.124
Jun 12 14:13:12 localhost sshd: Illegal user us from 126.96.36.199
Jun 12 14:13:14 localhost sshd: Illegal user alinus from 188.8.131.52
Jun 12 14:13:15 localhost sshd: Illegal user rumeno from 184.108.40.206
Jun 12 14:13:17 localhost sshd: Illegal user it from 220.127.116.11
It goes on and on. Looking back, this happens to me a lot, and not always from the same IP. Running grep on the whole log directory, the lame-ass scripts don’t try any of my actual user names, so I don’t even know what it would try to do if it found a valid username - brute force the password maybe?
Anyway, this annoys me, and it seems like this would be against most providers’ terms and conditions. Is there any way I can try to notify the providers that there are users not playing nice? I would love to get some of these punks kicked off of their service or something. Or is it not even worth the hassle?
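Added example, not part of the original post: a Python sketch that groups auth.log lines in the format shown above by source address, recording the attempt count, first and last timestamps, and usernames tried, which is the kind of per-address summary one would attach to a report to a provider. The sample lines are constructed and use documentation-range addresses; accepting an optional `[pid]`, the newer "Invalid user" wording, and a trailing port is an assumption about other sshd versions.

```python
import re
from collections import defaultdict

# Line format from the post:
#   "Jun 12 14:13:04 localhost sshd: Illegal user play from <ip>"
# The username is chosen by the remote client, so it is matched greedily and the
# address is anchored to the END of the line; a name such as "x from 203.0.113.9"
# therefore cannot spoof the source address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd(?:\[\d+\])?: "
    r"(?:Illegal|Invalid) user (?P<user>.*) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$"
)

def summarize(lines):
    """Return {ip: {count, first, last, users}} for unknown-user login attempts."""
    report = defaultdict(lambda: {"count": 0, "first": None, "last": None, "users": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an unknown-user sshd line
        entry = report[m["ip"]]
        entry["count"] += 1
        entry["first"] = entry["first"] or m["ts"]  # syslog time: no year or timezone
        entry["last"] = m["ts"]
        if m["user"] not in entry["users"]:
            entry["users"].append(m["user"])
    return dict(report)

def report_lines(report):
    """One line per source address, busiest first."""
    rows = sorted(report.items(), key=lambda kv: -kv[1]["count"])
    return [f"{ip}: {e['count']} attempts, {e['first']} to {e['last']}, "
            f"users tried: {', '.join(e['users'])}" for ip, e in rows]

# Constructed sample input (documentation addresses, not taken from the post).
SAMPLE = """\
Jun 12 14:13:04 localhost sshd: Illegal user play from 192.0.2.10
Jun 12 14:13:05 localhost sshd: Illegal user open from 198.51.100.7
Jun 12 14:13:07 localhost sshd: Illegal user dulap from 192.0.2.10
Jun 12 14:13:09 localhost sshd[2211]: Invalid user if from 192.0.2.10 port 40122
Jun 12 14:13:10 localhost sshd: Illegal user x from 203.0.113.9 from 198.51.100.7
Jun 12 14:13:11 localhost cron: session opened for user root
""".splitlines()

if __name__ == "__main__":
    print("\n".join(report_lines(summarize(SAMPLE))))
```

To run it on a real log, pass `open("/var/log/auth.log")` to `summarize` instead of `SAMPLE`.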