Updated: April 2026
Top 100 Attacked SSH Usernames
Most used usernames in SSH brute force attacks. Avoid using predictable usernames.
| # | Username | Attempts | IPs |
|---|---|---|---|
| 1 | root | 5,321 | 304 |
| 2 | sol | 1,600 | 26 |
| 3 | solana | 1,546 | 26 |
| 4 | ubuntu | 1,321 | 175 |
| 5 | admin | 1,259 | 105 |
| 6 | solv | 608 | 17 |
| 7 | user | 555 | 113 |
| 8 | 0 | 503 | 4 |
| 9 | ro1wpadmin | 467 | 1 |
| 10 | dolero1shanti | 467 | 1 |
| 11 | DOLE1_LIO | 465 | 1 |
| 12 | acellec | 465 | 1 |
| 13 | postgres | 351 | 85 |
| 14 | 345gs5662d34 | 221 | 142 |
| 15 | validator | 192 | 14 |
| 16 | test | 161 | 93 |
| 17 | node | 137 | 12 |
| 18 | lighthouse | 130 | 5 |
| 19 | ftpuser | 93 | 74 |
| 20 | firedancer | 91 | 8 |
| 21 | bot | 89 | 49 |
| 22 | oracle | 85 | 48 |
| 23 | steam | 83 | 59 |
| 24 | dev | 76 | 56 |
| 25 | raydium | 74 | 7 |
| 26 | mapr | 73 | 3 |
| 27 | deploy | 73 | 53 |
| 28 | trading | 62 | 7 |
| 29 | trader | 62 | 6 |
| 30 | latitude | 62 | 2 |
| 31 | git | 61 | 42 |
| 32 | odoo | 61 | 42 |
| 33 | sa | 60 | 8 |
| 34 | ethereum | 57 | 8 |
| 35 | solnode | 56 | 1 |
| 36 | john | 56 | 9 |
| 37 | server | 50 | 44 |
| 38 | user1 | 49 | 36 |
| 39 | frappe | 48 | 39 |
| 40 | slv | 47 | 1 |
| 41 | n8n | 41 | 38 |
| 42 | support | 40 | 12 |
| 43 | teamspeak | 36 | 31 |
| 44 | ps | 33 | 3 |
| 45 | system | 33 | 5 |
| 46 | operator | 32 | 4 |
| 47 | sammy | 32 | 28 |
| 48 | testuser | 31 | 24 |
| 49 | jibs | 30 | 3 |
| 50 | jupyter | 29 | 2 |
| 51 | 3d | 29 | 3 |
| 52 | www | 29 | 12 |
| 53 | banx | 29 | 2 |
| 54 | ali | 28 | 27 |
| 55 | solr | 28 | 2 |
| 56 | soldev | 28 | 1 |
| 57 | grafana | 28 | 2 |
| 58 | solscript | 28 | 1 |
| 59 | helius | 28 | 1 |
| 60 | tomcat | 27 | 10 |
| 61 | soltech | 26 | 1 |
| 62 | jito | 25 | 4 |
| 63 | ubnt | 25 | 9 |
| 64 | claude | 25 | 24 |
| 65 | cexadmin | 24 | 1 |
| 66 | cexuser | 24 | 1 |
| 67 | minima | 24 | 4 |
| 68 | administrator | 23 | 14 |
| 69 | pi | 23 | 10 |
| 70 | ops | 22 | 6 |
| 71 | sniper | 22 | 2 |
| 72 | app | 22 | 13 |
| 73 | evm | 22 | 2 |
| 74 | vpn | 22 | 17 |
| 75 | ftp | 21 | 9 |
| 76 | es | 21 | 10 |
| 77 | alexzander | 20 | 1 |
| 78 | dara | 20 | 1 |
| 79 | hernan | 20 | 1 |
| 80 | kala | 20 | 1 |
| 81 | julisa | 20 | 1 |
| 82 | rowan | 20 | 1 |
| 83 | test1 | 20 | 20 |
| 84 | colby | 20 | 1 |
| 85 | kong | 20 | 1 |
| 86 | lucille | 20 | 1 |
| 87 | evmbot | 20 | 1 |
| 88 | jessenia | 20 | 1 |
| 89 | cathryn | 20 | 1 |
| 90 | simran | 20 | 1 |
| 91 | griselda | 20 | 1 |
| 92 | brandyn | 20 | 1 |
| 93 | demarco | 20 | 1 |
| 94 | madysen | 20 | 1 |
| 95 | deployer | 20 | 16 |
| 96 | micayla | 20 | 1 |
| 97 | sommer | 20 | 1 |
| 98 | minoxidil4you | 19 | 5 |
| 99 | minecraft | 19 | 18 |
| 100 | mysql | 19 | 7 |
RECOMMENDATIONS
- •Disable root login via SSH
- •Use unique and unpredictable usernames
- •Implement public key authentication
- •Configure fail2ban to block IPs