Actualizado: diciembre de 2025
Top 100 Usernames SSH Atacados
Los nombres de usuario mas utilizados en ataques de fuerza bruta SSH. Evita usar nombres de usuario predecibles.
| # | Username | Intentos | IPs |
|---|---|---|---|
| 1 | root | 5,852 | 347 |
| 2 | sol | 1,832 | 18 |
| 3 | admin | 1,033 | 161 |
| 4 | solana | 1,030 | 19 |
| 5 | solv | 855 | 16 |
| 6 | ubuntu | 822 | 153 |
| 7 | user | 519 | 102 |
| 8 | test | 510 | 98 |
| 9 | 345gs5662d34 | 481 | 174 |
| 10 | oracle | 410 | 47 |
| 11 | postgres | 380 | 66 |
| 12 | mysql | 321 | 42 |
| 13 | guest | 307 | 39 |
| 14 | debian | 200 | 36 |
| 15 | git | 192 | 44 |
| 16 | hadoop | 164 | 37 |
| 17 | ftpuser | 161 | 60 |
| 18 | dev | 155 | 49 |
| 19 | es | 153 | 43 |
| 20 | developer | 152 | 39 |
| 21 | pi | 148 | 30 |
| 22 | node | 148 | 10 |
| 23 | backup | 126 | 13 |
| 24 | dspace | 118 | 19 |
| 25 | docker | 118 | 28 |
| 26 | elastic | 116 | 26 |
| 27 | deploy | 110 | 50 |
| 28 | elasticsearch | 109 | 37 |
| 29 | centos | 89 | 24 |
| 30 | administrator | 87 | 15 |
| 31 | zabbix | 86 | 21 |
| 32 | www | 83 | 27 |
| 33 | master | 79 | 26 |
| 34 | ftp | 77 | 23 |
| 35 | steam | 75 | 35 |
| 36 | odoo | 75 | 31 |
| 37 | nginx | 73 | 29 |
| 38 | daemon | 70 | 7 |
| 39 | validator | 65 | 7 |
| 40 | ftptest | 65 | 8 |
| 41 | tomcat | 65 | 25 |
| 42 | testuser | 59 | 44 |
| 43 | support | 59 | 17 |
| 44 | wang | 57 | 19 |
| 45 | apache | 56 | 22 |
| 46 | tom | 54 | 19 |
| 47 | user1 | 53 | 30 |
| 48 | jenkins | 53 | 26 |
| 49 | raydium | 50 | 1 |
| 50 | app | 49 | 26 |
| 51 | nagios | 48 | 6 |
| 52 | rosa | 48 | 2 |
| 53 | sa | 47 | 9 |
| 54 | minecraft | 46 | 31 |
| 55 | test1 | 44 | 17 |
| 56 | ansible | 44 | 26 |
| 57 | ethereum | 44 | 7 |
| 58 | ubnt | 44 | 22 |
| 59 | sonar | 44 | 19 |
| 60 | dolphinscheduler | 42 | 18 |
| 61 | operator | 42 | 6 |
| 62 | grid | 41 | 11 |
| 63 | oscar | 40 | 16 |
| 64 | gitlab | 40 | 23 |
| 65 | server | 39 | 21 |
| 66 | bitrix | 38 | 27 |
| 67 | ec2-user | 36 | 23 |
| 68 | esuser | 36 | 18 |
| 69 | uftp | 36 | 19 |
| 70 | bot | 35 | 30 |
| 71 | svn | 35 | 3 |
| 72 | amir | 35 | 16 |
| 73 | www-data | 34 | 8 |
| 74 | firedancer | 33 | 4 |
| 75 | weblogic | 32 | 20 |
| 76 | runner | 31 | 25 |
| 77 | deployer | 30 | 21 |
| 78 | User-Agent: Go-http-client/1.1 | 30 | 4 |
| 79 | newuser | 30 | 2 |
| 80 | dmdba | 29 | 12 |
| 81 | trader | 29 | 4 |
| 82 | mapr | 28 | 2 |
| 83 | gerrit | 28 | 4 |
| 84 | svn-cmu | 28 | 1 |
| 85 | gpadmin | 27 | 18 |
| 86 | ps | 27 | 1 |
| 87 | student | 27 | 19 |
| 88 | webmaster | 27 | 5 |
| 89 | ranger | 26 | 17 |
| 90 | flink | 26 | 21 |
| 91 | tools | 26 | 18 |
| 92 | cmu | 26 | 1 |
| 93 | demo | 26 | 19 |
| 94 | user2 | 25 | 11 |
| 95 | nexus | 25 | 18 |
| 96 | plex | 24 | 18 |
| 97 | redis | 24 | 15 |
| 98 | reza | 24 | 20 |
| 99 | test2 | 23 | 20 |
| 100 | search | 23 | 2 |
RECOMENDACIONES
- •Deshabilita el login de root por SSH
- •Usa nombres de usuario unicos y no predecibles
- •Implementa autenticacion por clave publica
- •Configura fail2ban para bloquear IPs