Security question… how do the hackers get the usernames?

Security question… how do the hackers get the usernames?

My server hasn’t been hacked but I do see hundreds of brute force attacks per day. I find it interesting that if I add a user (example: user123) today I see attacks on that username within 24 hours. All are from IP Addresses in the Asia Pacific Network and I have zero customers in that network.

All attacks are via proftpd.

How do they discover the usernames? I am the only user with elevated authority on the server and I am certain my account is secure.

All users are added via DirectAdmin and have no special rights. There must be some kind of exploit that reveals usernames… this cannot be coincidence or random… all brute force attacks are valid usernames.

I’m on CentOS 6 with all updates. DirectAdmin 1.40.3 with all the latest updates.

Suggestions are welcomed.

Thanks,
-Joe

Comments are closed.