Significant Threat
IP 45.134.26.79 is a high-risk address linked to SSH brute-force attacks, assessed with a threat level of 8/10 based on 170 total abuse reports detected by automated honeypot infrastructure between August and October 2025.
Community and sensor reporting indicates this Russian-origin IP address has generated a substantial volume of abuse reports, with the network operated by Proton66 OOO under ASN AS198953. All 170 reports across the three-month observation window cite SSH as the targeted service, with 20 recent reports recorded from honeypot sensors. The detection originates entirely from honeypot infrastructure rather than direct victim reports, suggesting the activity represents opportunistic scanning rather than confirmed successful intrusions against production systems. The temporal distribution of reports spans August through October 2025, establishing a sustained presence rather than a transient probe.
SSH brute-force attacks attempt to gain unauthorized server access through systematic password guessing or exploitation of SSH service vulnerabilities. The attack pattern detected (fail2ban sshd) confirms automated credential-guessing behaviour consistent with bot-driven scanning campaigns. While the 65% confidence score reflects uncertainty regarding the ultimate intent, the volume of reports indicates persistent automated scanning that poses a concrete risk to any internet-exposed SSH service with weak or default credentials. Attackers leverage such infrastructure to compromise servers, deploy malware or establish persistent backdoor access.
Site operators running accessible SSH services should immediately audit authentication configurations. Deploying key-based authentication, with password authentication disabled, eliminates password-guessing risk entirely. Changing the default SSH port reduces automated scanning exposure, although it does not protect a service once a scanner finds the new port. Implementing defensive tools such as fail2ban to automatically block repeated authentication failures mitigates brute-force attempts. Disabling root login and enforcing strong, complex passwords for any remaining password-based accounts further hardens exposure. Regular monitoring of authentication logs for unusual source IPs or patterns provides early warning of sustained probing campaigns.
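The log monitoring recommended above can be sketched as follows. This is an added example, not code from the reporting service. It counts failed sshd password attempts per source IP and flags any address that is watchlisted or over a threshold. The threshold value, function names and sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# OpenSSH failure line, anchored at end of line: sshd appends the real
# " from <ip> port <n> ssh2" last, so text inside the attempted username
# cannot substitute a different address into the count.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2\]?$")
# rsyslog collapses duplicate lines into "message repeated N times: [ ... ]".
REPEATED = re.compile(r"message repeated (\d+) times: \[")

WATCHLIST = {"45.134.26.79"}  # the address this page reports on
THRESHOLD = 5                 # assumption: failures per log window before flagging

# Constructed sample lines for illustration (not real telemetry).
SAMPLE_LOG = [
    "Oct 02 03:14:01 host sshd[811]: Failed password for invalid user admin from 45.134.26.79 port 40112 ssh2",
    "Oct 02 03:14:03 host sshd[811]: Failed password for root from 45.134.26.79 port 40112 ssh2",
    "Oct 02 03:14:09 host sshd[815]: message repeated 4 times: [ Failed password for root from 203.0.113.7 port 51500 ssh2]",
    "Oct 02 03:14:12 host sshd[815]: Failed password for root from 203.0.113.7 port 51500 ssh2",
    "Oct 02 03:15:40 host sshd[820]: Failed password for alice from 198.51.100.23 port 60022 ssh2",
    "Oct 02 03:15:48 host sshd[820]: Accepted publickey for alice from 198.51.100.23 port 60024 ssh2",
]

def failures_by_ip(lines):
    """Count failed password attempts per source IP, expanding repeat markers."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            rep = REPEATED.search(line)
            counts[m.group(2)] += int(rep.group(1)) if rep else 1
    return counts

def flag(lines, threshold=THRESHOLD, watchlist=WATCHLIST):
    """Return {ip: reason} for sources that are watchlisted or over threshold."""
    flagged = {}
    for ip, n in failures_by_ip(lines).items():
        if ip in watchlist:
            flagged[ip] = f"watchlisted, {n} failures"
        elif n >= threshold:
            flagged[ip] = f"{n} failures >= {threshold}"
    return flagged

if __name__ == "__main__":
    for ip, reason in sorted(flag(SAMPLE_LOG).items()):
        print(ip, reason)
```

A single mistyped password from a legitimate user stays below the threshold, while a watchlisted address is reported on its first failure.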