Looking at today’s security run output that FreeBSD likes to send to me by default, I find an interesting hack run amongst the several I usually get a day:

Nov 27 14:03:16 [anonymised] sshd[48794]: Invalid user ryback from 218.1.65.241
Nov 27 14:03:49 [anonymised] sshd[48810]: Invalid user ryback from 218.1.65.241
Nov 27 14:04:44 [anonymised] sshd[48844]: Invalid user ryback from 218.1.65.241
Nov 27 14:07:41 [anonymised] sshd[48979]: Invalid user ryback from 218.1.65.241

The script kiddie in question is trying to use the username ryback to get into my machine. Casey Ryback, of course, is Steven Seagal’s ex-Navy SEAL character in the Under Siege series, kicking large amounts of terrorist arse with kung-fu, knives and in Under Siege 2 a Newton MessagePad. This “ryback”, however, is just hitting against a sshd which has password access disabled completely and as such will have no success whatsoever to anyone who doesn’t have my private key – that is, everyone but me.

The IP address is in (sigh) China Telecom space, Shanghai province; no chance of tracing that then. Wonder where they got the name from.