Actualizado: mayo de 2026
Top 100 Usernames SSH Atacados
Los nombres de usuario mas utilizados en ataques de fuerza bruta SSH. Evita usar nombres de usuario predecibles.
| # | Username | Intentos | IPs |
|---|---|---|---|
| 1 | root | 1,425 | 103 |
| 2 | ubuntu | 697 | 75 |
| 3 | solana | 552 | 15 |
| 4 | sol | 538 | 16 |
| 5 | admin | 479 | 76 |
| 6 | user | 276 | 49 |
| 7 | solv | 206 | 9 |
| 8 | postgres | 108 | 32 |
| 9 | test | 102 | 33 |
| 10 | john | 92 | 8 |
| 11 | lighthouse | 83 | 7 |
| 12 | oracle | 77 | 19 |
| 13 | ftpuser | 67 | 27 |
| 14 | git | 67 | 28 |
| 15 | sa | 66 | 7 |
| 16 | deploy | 65 | 14 |
| 17 | node | 62 | 11 |
| 18 | ethereum | 62 | 6 |
| 19 | testuser | 56 | 26 |
| 20 | validator | 53 | 8 |
| 21 | mysql | 53 | 20 |
| 22 | guest | 53 | 25 |
| 23 | minecraft | 51 | 16 |
| 24 | hadoop | 50 | 16 |
| 25 | 345gs5662d34 | 49 | 39 |
| 26 | dev | 48 | 21 |
| 27 | user1 | 48 | 17 |
| 28 | steam | 45 | 14 |
| 29 | ec2-user | 42 | 12 |
| 30 | es | 40 | 11 |
| 31 | frappe | 38 | 13 |
| 32 | bot | 38 | 10 |
| 33 | solr | 35 | 5 |
| 34 | elasticsearch | 35 | 10 |
| 35 | odoo | 35 | 10 |
| 36 | debian | 35 | 11 |
| 37 | gitlab | 35 | 8 |
| 38 | kafka | 35 | 16 |
| 39 | operator | 34 | 7 |
| 40 | deployer | 34 | 12 |
| 41 | ftp | 33 | 8 |
| 42 | www | 33 | 10 |
| 43 | server | 33 | 13 |
| 44 | developer | 32 | 14 |
| 45 | jenkins | 32 | 14 |
| 46 | system | 32 | 5 |
| 47 | nginx | 31 | 7 |
| 48 | uftp | 30 | 7 |
| 49 | support | 30 | 7 |
| 50 | mapr | 30 | 3 |
| 51 | user2 | 30 | 6 |
| 52 | app | 30 | 8 |
| 53 | esuser | 30 | 7 |
| 54 | tomcat | 30 | 10 |
| 55 | dmdba | 29 | 6 |
| 56 | student | 29 | 8 |
| 57 | newuser | 28 | 6 |
| 58 | latitude | 28 | 3 |
| 59 | patch | 28 | 1 |
| 60 | demo | 28 | 9 |
| 61 | oscar | 28 | 6 |
| 62 | administrator | 28 | 14 |
| 63 | firedancer | 28 | 5 |
| 64 | amir | 28 | 7 |
| 65 | a | 27 | 6 |
| 66 | sysadmin | 27 | 9 |
| 67 | bitrix | 27 | 7 |
| 68 | elastic | 27 | 8 |
| 69 | ali | 27 | 11 |
| 70 | solnode | 27 | 1 |
| 71 | pi | 27 | 8 |
| 72 | david | 27 | 6 |
| 73 | nexus | 26 | 7 |
| 74 | sonar | 26 | 6 |
| 75 | airflow | 26 | 7 |
| 76 | tom | 26 | 6 |
| 77 | ansible | 26 | 5 |
| 78 | opc | 26 | 7 |
| 79 | centos | 26 | 7 |
| 80 | rdpuser | 26 | 6 |
| 81 | user3 | 26 | 6 |
| 82 | zabbix | 26 | 7 |
| 83 | elk | 25 | 6 |
| 84 | odoo16 | 25 | 5 |
| 85 | claude | 25 | 7 |
| 86 | kali | 25 | 4 |
| 87 | niaoyun | 25 | 4 |
| 88 | sam | 25 | 5 |
| 89 | weblogic | 25 | 9 |
| 90 | devops | 24 | 7 |
| 91 | kingbase | 24 | 5 |
| 92 | bob | 24 | 6 |
| 93 | openclaw | 24 | 4 |
| 94 | user7 | 24 | 3 |
| 95 | dolphinscheduler | 24 | 6 |
| 96 | alex | 24 | 6 |
| 97 | tester | 24 | 10 |
| 98 | raydium | 24 | 4 |
| 99 | games | 24 | 1 |
| 100 | gitlab-runner | 24 | 6 |
RECOMENDACIONES
- •Deshabilita el login de root por SSH
- •Usa nombres de usuario unicos y no predecibles
- •Implementa autenticacion por clave publica
- •Configura fail2ban para bloquear IPs