Extreme Threat
IP address 218.78.24.117 is a high-risk address linked to sustained SSH brute-force attacks, originating from China Telecom Group infrastructure with a maximum threat level of 10/10. Automated honeypot sensors have recorded 2,055 separate abuse reports against this single IP over approximately six months, with 20 distinct detection points flagging the address for SSH-based intrusion activity and general hacking reconnaissance. The IP operates within ASN AS4811 and was first reported in November 2025, with the most recent activity logged in April 2026.
The overwhelming majority of confirmed threat reports for IP 218.78.24.117 center on automated SSH brute-force attacks, with pattern signatures matching credential-guessing campaigns against exposed SSH services. Detection logs show repeated violations recorded by defensive tools, indicating sustained, high-volume attempts to guess authentication credentials rather than opportunistic scanning. A small number of reports flag the address as a potential compromised host being leveraged for broader intrusion activity. Despite the exceptionally high threat rating and report volume, the 64% confidence score suggests some ambiguity in attribution, though the consistency of SSH-related detection patterns is compelling.
SSH brute-force activity represents one of the most prevalent initial-access vectors in network intrusions. Attackers leverage automated tooling to systematically test credential combinations against exposed SSH daemons, seeking either valid password-based access or misconfigured authentication allowing unauthorized entry. Successful compromise of an SSH server grants persistent command-level access, enabling data exfiltration, lateral movement, deployment of secondary payloads, or integration into botnets. The scale of activity attributed to this address indicates a dedicated or compromised host conducting persistent credential-attack campaigns across multiple target environments.
Site operators should block or aggressively rate-limit traffic from this IP at the network perimeter, enforce key-based SSH authentication and disable password-based authentication entirely, and deploy fail2ban or equivalent dynamic banning tools to automatically block repeat offenders. Changing the default SSH listening port significantly reduces automated targeting. Regular auditing of authentication logs for connections from this address and similar patterns remains essential, and organizations may consider filing an abuse report with China Telecom Group if the activity appears to originate from customer infrastructure rather than the operator itself.
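The log-auditing step recommended above, as an added example that is not part of the original report: a small Python script that parses sshd lines in syslog format, counts failed logins per source address, flags a burst of failures inside a short window (the credential-guessing pattern the report describes), and cross-checks each address against a watchlist that here contains 218.78.24.117. The log lines are constructed for the example and are not real data; the function names (`parse_events`, `analyze`, `flagged_ips`), the 5-failures-in-10-minutes threshold and the assumed log year are choices made for this illustration, not settings from any tool.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in syslog sshd format; written for this example, not real logs.
# 218.78.24.117 is the address from the report; the others are private/documentation ranges.
SAMPLE_AUTH_LOG = """\
Apr 12 03:14:07 bastion sshd[2201]: Failed password for invalid user admin from 218.78.24.117 port 51234 ssh2
Apr 12 03:14:09 bastion sshd[2203]: Failed password for root from 218.78.24.117 port 51236 ssh2
Apr 12 03:14:10 bastion sshd[2205]: Invalid user oracle from 218.78.24.117 port 51238
Apr 12 03:14:11 bastion sshd[2205]: Failed password for invalid user oracle from 218.78.24.117 port 51238 ssh2
Apr 12 03:14:12 bastion sshd[2207]: Failed password for invalid user test from 218.78.24.117 port 51240 ssh2
Apr 12 03:14:13 bastion sshd[2209]: Failed password for invalid user ubuntu from 218.78.24.117 port 51242 ssh2
Apr 12 03:20:01 bastion sshd[2301]: Accepted publickey for deploy from 10.0.0.5 port 40010 ssh2: ED25519 SHA256:placeholder
Apr 12 03:25:44 bastion sshd[2310]: Failed password for alice from 10.0.0.9 port 40122 ssh2
Apr 12 03:25:50 bastion sshd[2311]: Accepted password for alice from 10.0.0.9 port 40123 ssh2
Apr 12 09:41:02 bastion sshd[2500]: Failed password for root from 203.0.113.7 port 33000 ssh2
Apr 12 09:41:03 bastion sshd[2501]: Failed password for root from 203.0.113.7 port 33001 ssh2
Apr 12 09:41:04 bastion sshd[2502]: Failed password for root from 203.0.113.7 port 33002 ssh2
Apr 12 09:41:05 bastion sshd[2503]: Failed password for root from 203.0.113.7 port 33003 ssh2
Apr 12 09:41:06 bastion sshd[2504]: Failed password for root from 203.0.113.7 port 33004 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
ACCEPTED_RE = re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")


@dataclass
class Event:
    ts: datetime
    ip: str
    user: str
    accepted: bool
    method: str


def parse_events(log_text, year=2026):
    """Turn sshd auth-outcome lines into Event records; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one (assumed here)
        stamp = re.sub(r"\s+", " ", m["ts"])
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        f = FAILED_RE.match(m["msg"])
        if f:
            events.append(Event(ts, f["ip"], f["user"], False, f["method"]))
            continue
        a = ACCEPTED_RE.match(m["msg"])
        if a:
            events.append(Event(ts, a["ip"], a["user"], True, a["method"]))
    return events


@dataclass
class Finding:
    ip: str
    failures: int = 0
    distinct_users: int = 0
    burst: bool = False
    on_watchlist: bool = False
    accepted_after_failures: bool = False

    @property
    def flagged(self):
        return self.burst or self.on_watchlist


def analyze(events, threshold=5, window=timedelta(minutes=10), watchlist=frozenset()):
    """Summarise failures per source IP; only addresses with at least one failure get a Finding."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        fails = [e for e in evs if not e.accepted]
        if not fails:
            continue
        f = Finding(ip=ip, failures=len(fails),
                    distinct_users=len({e.user for e in fails}),
                    on_watchlist=ip in watchlist)
        # burst: `threshold` failures inside any span no longer than `window`
        f.burst = any(fails[i + threshold - 1].ts - fails[i].ts <= window
                      for i in range(len(fails) - threshold + 1))
        # a password login accepted after earlier failures from the same address deserves review
        f.accepted_after_failures = any(e.accepted and e.method == "password" and e.ts > fails[0].ts
                                        for e in evs)
        findings[ip] = f
    return findings


def flagged_ips(findings):
    """Addresses that either burst past the threshold or sit on the watchlist, sorted."""
    return sorted(ip for ip, f in findings.items() if f.flagged)


if __name__ == "__main__":
    found = analyze(parse_events(SAMPLE_AUTH_LOG), watchlist={"218.78.24.117"})
    for ip in flagged_ips(found):
        f = found[ip]
        print(f"{ip}: {f.failures} failed logins, {f.distinct_users} usernames, "
              f"burst={f.burst}, watchlist={f.on_watchlist}")
```

On the sample data the script flags both the watchlisted address and 203.0.113.7, which trips the burst rule on behaviour alone, while 10.0.0.9 (one typo followed by a successful password login) is reported but not flagged. Run against a real `/var/log/auth.log` or `journalctl -u ssh` export, the same two signals (burst rate and watchlist hit) are what a fail2ban jail or a SIEM rule would key on; the `accepted_after_failures` field is the case worth escalating, since it means a guessing run was followed by a successful password login from the same source.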