As we regularly report on this blog, a large proportion of web based threats come from compromised websites (around 80%). To understand better (and therefore provide even better protection) we are currently carrying out some research into how these sites are being infected.
One aspect of this research is to look at attacks over SSH so we’ve created a honeypot. Some of the preliminary information is very interesting, in particular we’ve logged the most common username names and username password combinations used to try and hack into the system.
The most popular are fairly obvious, but who is Alex? The most obvious reason is that the attackers are using a dictionary attack of common names.