People still does brute forcing ?
 

over ssh
i mean , i dont get it., why the fuck ?

most of the times ip gets blacklisted, and pw are very strong these days., and how many attempts they are gonna do ?

there are less than 0.1% chance that they ll get in to box., but why waste so much time and power.

The success rate grows exponentially as they gain access to more servers that can help gain access to yet another. Once you "own" a large enough network, you start blackmailing big companies, threatening to DDOS their online services. And then... You profit.

eek so cheap, why not build affiliate sites and make monies :winkwink:

Change default port, change default user, block root logins, install fail2ban.

99% problems solved.

The short answer is, "yes". People still do it on a daily basis.

:2 cents:

why are they strong now and not in the past ?

http://pastebin.com/ZGXJuQKW a random link at pastebin: January, 12th 2012

Change your ssh ports to a non standard setting Or use a firewall

On a new VPS of mine, i get around 5 attempts/da,y that goes over 100 and it's a brand new VPS (5 days old)

on my new box 4 days old, gets 6-7 attempts ,with 800+ tries

even better, use ssh public keys.

Keys avoid any possibility of success. A firewall avoids wasting resources on attempts.

A lot of people use strong passwords, a vew use passphrases, but way too many webmasters use "admin admin", "qwerty" and other dumb shit. We get webmaster passwords daily of course and I'd say about 10% are really bad. Use LONG passwords, please.

they are using bot networks for that, and then they spread, and then they can use it for wahtever reason they want

Keys are the best way I just don't trust myself not to lose them.

More often than not, true dat.