Actualizado: abril de 2026
Top 100 Usernames SSH Atacados
Los nombres de usuario mas utilizados en ataques de fuerza bruta SSH. Evita usar nombres de usuario predecibles.
| # | Username | Intentos | IPs |
|---|---|---|---|
| 1 | root | 3,681 | 334 |
| 2 | sol | 1,623 | 24 |
| 3 | solana | 1,600 | 24 |
| 4 | ubuntu | 1,339 | 213 |
| 5 | solv | 697 | 16 |
| 6 | user | 634 | 164 |
| 7 | admin | 629 | 75 |
| 8 | 345gs5662d34 | 467 | 196 |
| 9 | postgres | 348 | 88 |
| 10 | administrator | 213 | 15 |
| 11 | validator | 182 | 12 |
| 12 | steam | 166 | 127 |
| 13 | test | 157 | 77 |
| 14 | john | 141 | 14 |
| 15 | sa | 136 | 13 |
| 16 | node | 130 | 12 |
| 17 | ftpuser | 122 | 77 |
| 18 | deploy | 116 | 68 |
| 19 | lighthouse | 111 | 3 |
| 20 | oracle | 101 | 81 |
| 21 | guest | 93 | 49 |
| 22 | firedancer | 88 | 7 |
| 23 | mapr | 76 | 4 |
| 24 | bot | 76 | 43 |
| 25 | odoo | 72 | 33 |
| 26 | n8n | 66 | 60 |
| 27 | raydium | 66 | 6 |
| 28 | hyper | 61 | 39 |
| 29 | tim | 53 | 45 |
| 30 | support | 52 | 9 |
| 31 | dev | 52 | 37 |
| 32 | latitude | 51 | 2 |
| 33 | admin2 | 50 | 7 |
| 34 | ethereum | 50 | 8 |
| 35 | testing | 50 | 49 |
| 36 | vpn | 48 | 40 |
| 37 | claude | 44 | 36 |
| 38 | slv | 44 | 1 |
| 39 | trading | 44 | 3 |
| 40 | scanner | 44 | 1 |
| 41 | solnode | 43 | 1 |
| 42 | trader | 41 | 4 |
| 43 | server | 41 | 36 |
| 44 | ftptestusr | 41 | 41 |
| 45 | sammy | 41 | 32 |
| 46 | ad | 40 | 40 |
| 47 | ali | 40 | 30 |
| 48 | server1 | 40 | 37 |
| 49 | ps | 39 | 3 |
| 50 | git | 39 | 32 |
| 51 | frappe | 38 | 33 |
| 52 | scan | 37 | 1 |
| 53 | gitlab-runner | 34 | 30 |
| 54 | elasticsearch | 32 | 31 |
| 55 | ubnt | 31 | 8 |
| 56 | solr | 30 | 2 |
| 57 | airflow | 30 | 3 |
| 58 | strapi | 28 | 1 |
| 59 | jibs | 28 | 3 |
| 60 | jupyter | 28 | 2 |
| 61 | grafana | 28 | 2 |
| 62 | pzuser | 28 | 28 |
| 63 | 3d | 28 | 3 |
| 64 | kong | 26 | 1 |
| 65 | roo | 26 | 26 |
| 66 | testuser | 26 | 13 |
| 67 | minima | 26 | 3 |
| 68 | operator | 26 | 4 |
| 69 | superset | 25 | 1 |
| 70 | cexuser | 24 | 1 |
| 71 | 0 | 24 | 2 |
| 72 | keycloak | 24 | 1 |
| 73 | user1 | 24 | 15 |
| 74 | testftp | 24 | 17 |
| 75 | system | 24 | 3 |
| 76 | grid | 23 | 2 |
| 77 | jito | 22 | 3 |
| 78 | cmu | 22 | 1 |
| 79 | ops | 22 | 5 |
| 80 | teamspeak | 22 | 21 |
| 81 | cexadmin | 21 | 1 |
| 82 | solscript | 21 | 1 |
| 83 | soltech | 21 | 1 |
| 84 | banx | 21 | 2 |
| 85 | svn-cmu | 21 | 1 |
| 86 | test2 | 20 | 11 |
| 87 | helius | 20 | 1 |
| 88 | chantal | 20 | 1 |
| 89 | elsie | 20 | 1 |
| 90 | bobbie | 20 | 1 |
| 91 | nathaly | 20 | 1 |
| 92 | tavian | 20 | 1 |
| 93 | tracy | 20 | 1 |
| 94 | mason | 20 | 1 |
| 95 | kaytlyn | 20 | 1 |
| 96 | billie | 20 | 1 |
| 97 | giovani | 20 | 1 |
| 98 | tyron | 20 | 1 |
| 99 | soldev | 19 | 1 |
| 100 | opadmin | 19 | 2 |
RECOMENDACIONES
- •Deshabilita el login de root por SSH
- •Usa nombres de usuario unicos y no predecibles
- •Implementa autenticacion por clave publica
- •Configura fail2ban para bloquear IPs