How Did They Know I Like Guiness?

So, anyone that's had a server online with a public IP will know that there are a lot of people out there that will flood you with malicious requests almost immediately. People with malicious intent will put together scripts that scan public network addresses and attempt to exploit known services, or brute force them. Usually looking at the logs of attempts to brute force ssh, I see patterns that are obvious usernames from some db of common usernames. (Note to self, update listening port for ssh from default 22.)

This one caught my eye, because I really like Guiness and it seems more personalized. Fortunately fail2ban caught/banned the IP after 3 failed attempts. Anyway, I have an instagram photo on my lawn mower with a Guiness in focus, I'm curious if this is more specifically targeted.

Sep 29 20:13:31 cent01 sshd[8109]: Invalid user guinness from 106.75.51.150

Currently unrated

(Comments)

Comments