This reminds me of an experiment I ran about 12 years ago.
I set up a fresh Debian box with not very much on it, and exposed it to the interwebs (back then it was just called “the web” I think) with a DynDNS address that I casually listed on USENET (which the kids these days call “Yahoo! Answers”).
It didn’t take long for people to start knocking on port 22. Some of the points I remember from that experiment:
- At least 70% of the attempts at login came from China.
- There were some predictable guesses at login credentials, but my favourite was a pretty random one: login “david”, password “beckham”.
- Someone tried to get in from a Korean elementary school.
It would have been fun to keep it going, but I must have actually needed that box to do something. VMs were still a few years away from mainstream.