We put two test servers online running Prometheus AI. No special configuration. Just standard VPS instances with SSH exposed.
In 72 hours:
- 11,117 malicious events detected
- 224 unique attacking IPs
- 5 DDoS attempts caught
- 799 attempts from the most persistent attacker
The Attacks Never Stop
Within minutes of going online, both servers started getting hit. SSH brute force is the bread and butter - bots cycling through common usernames like root, admin, postgres, oracle, and ubuntu.
Our top 10 attackers alone were responsible for over 3,500 attempts:
- 136.185.1.139 - 799 attempts
- 185.246.130.20 - 652 attempts
- 165.245.143.85 - 510 attempts
- 165.245.130.251 - 500 attempts
- 91.202.233.33 - 458 attempts
These aren't targeted attacks. They're automated scanners hitting every IP on the internet, looking for weak credentials.
DDoS Detection
On one server, we caught 5 DDoS attempts. The agent detected abnormal traffic patterns and flagged them before they could cause problems.
Real-time traffic monitoring lets you see bandwidth spikes the moment they happen - not hours later when you're reviewing logs.
What This Means
If you're running servers without visibility into what's hitting them, you're flying blind. This wasn't a honeypot designed to attract attacks. These were standard VPS instances that happened to be monitored.
Every server you run is getting probed like this. The question is whether you know about it.
Try It Yourself
DDoS monitoring is live now. One command to install, real-time dashboard to see everything.
Looking for beta testers running game servers or anything that gets targeted regularly. Sign up here or DM me on Discord.