Actualizado: febrero de 2026
Top 100 Usernames SSH Atacados
Los nombres de usuario mas utilizados en ataques de fuerza bruta SSH. Evita usar nombres de usuario predecibles.
| # | Username | Intentos | IPs |
|---|---|---|---|
| 1 | root | 10.184 | 722 |
| 2 | admin | 2718 | 369 |
| 3 | ubuntu | 1854 | 275 |
| 4 | sol | 1798 | 22 |
| 5 | user | 1676 | 116 |
| 6 | solana | 1468 | 22 |
| 7 | test | 1107 | 104 |
| 8 | postgres | 1054 | 83 |
| 9 | oracle | 1023 | 72 |
| 10 | ftpuser | 912 | 45 |
| 11 | 345gs5662d34 | 750 | 466 |
| 12 | guest | 663 | 71 |
| 13 | mysql | 639 | 65 |
| 14 | solv | 594 | 13 |
| 15 | git | 416 | 56 |
| 16 | backup | 330 | 43 |
| 17 | centos | 320 | 37 |
| 18 | hadoop | 316 | 43 |
| 19 | debian | 287 | 42 |
| 20 | ftp | 275 | 30 |
| 21 | pi | 255 | 40 |
| 22 | support | 217 | 89 |
| 23 | es | 214 | 23 |
| 24 | ec2-user | 192 | 25 |
| 25 | nginx | 190 | 23 |
| 26 | validator | 171 | 11 |
| 27 | dev | 170 | 32 |
| 28 | developer | 164 | 28 |
| 29 | docker | 164 | 25 |
| 30 | dspace | 162 | 25 |
| 31 | elastic | 152 | 22 |
| 32 | www | 139 | 23 |
| 33 | apache | 138 | 30 |
| 34 | node | 138 | 13 |
| 35 | daemon | 136 | 12 |
| 36 | ftptest | 134 | 15 |
| 37 | odoo16 | 133 | 5 |
| 38 | newuser | 131 | 18 |
| 39 | elasticsearch | 131 | 23 |
| 40 | deploy | 117 | 31 |
| 41 | zabbix | 110 | 13 |
| 42 | administrator | 107 | 21 |
| 43 | tomcat | 106 | 18 |
| 44 | operator | 103 | 23 |
| 45 | minoxidil4you | 102 | 23 |
| 46 | master | 100 | 15 |
| 47 | test1 | 99 | 20 |
| 48 | odoo | 99 | 16 |
| 49 | tempuser | 98 | 6 |
| 50 | ruben | 95 | 58 |
| 51 | karim | 93 | 56 |
| 52 | gerrit | 91 | 5 |
| 53 | jenkins | 79 | 24 |
| 54 | nagios | 79 | 27 |
| 55 | weblogic | 77 | 25 |
| 56 | firedancer | 67 | 6 |
| 57 | anonymous | 65 | 17 |
| 58 | trader | 62 | 7 |
| 59 | trading | 60 | 4 |
| 60 | ubnt | 59 | 18 |
| 61 | svn | 57 | 10 |
| 62 | raydium | 57 | 5 |
| 63 | server | 56 | 24 |
| 64 | bot | 56 | 19 |
| 65 | www-data | 54 | 14 |
| 66 | webmaster | 53 | 9 |
| 67 | zhongwen | 53 | 5 |
| 68 | firewall | 53 | 53 |
| 69 | bayu | 51 | 51 |
| 70 | redis | 50 | 9 |
| 71 | solnode | 47 | 1 |
| 72 | ansible | 46 | 16 |
| 73 | sa | 46 | 7 |
| 74 | ethereum | 45 | 7 |
| 75 | lighthouse | 44 | 3 |
| 76 | mongodb | 43 | 8 |
| 77 | steam | 43 | 21 |
| 78 | username | 43 | 19 |
| 79 | minecraft | 41 | 15 |
| 80 | a | 41 | 22 |
| 81 | system | 41 | 14 |
| 82 | mapr | 40 | 4 |
| 83 | redhat | 40 | 7 |
| 84 | Admin | 39 | 8 |
| 85 | user1 | 39 | 19 |
| 86 | deployer | 39 | 20 |
| 87 | slv | 38 | 1 |
| 88 | demo | 38 | 18 |
| 89 | ps | 37 | 4 |
| 90 | 12345 | 37 | 9 |
| 91 | splunk | 35 | 21 |
| 92 | kafka | 34 | 17 |
| 93 | vagrant | 33 | 12 |
| 94 | test2 | 33 | 15 |
| 95 | testuser | 33 | 26 |
| 96 | web | 32 | 14 |
| 97 | teamspeak | 32 | 17 |
| 98 | admin123 | 32 | 6 |
| 99 | ftpuser1 | 31 | 22 |
| 100 | vbox | 30 | 17 |
RECOMENDACIONES
- •Deshabilita el login de root por SSH
- •Usa nombres de usuario unicos y no predecibles
- •Implementa autenticacion por clave publica
- •Configura fail2ban para bloquear IPs