3 Days, 11,000 Attacks: What We Learned

2026-01-17 · Trevor Skinner

We put two test servers online running Prometheus AI. No special configuration. Just standard VPS instances with SSH exposed.

In 72 hours:

  • 11,117 malicious events detected
  • 224 unique attacking IPs
  • 5 DDoS attempts caught
  • 799 attempts from the most persistent attacker

The Attacks Never Stop

Within minutes of going online, both servers started getting hit. SSH brute force is the bread and butter - bots cycling through common usernames like root, admin, postgres, oracle, and ubuntu.

Our top 10 attackers alone were responsible for over 3,500 attempts:

  • 136.185.1.139 - 799 attempts
  • 185.246.130.20 - 652 attempts
  • 165.245.143.85 - 510 attempts
  • 165.245.130.251 - 500 attempts
  • 91.202.233.33 - 458 attempts

These aren't targeted attacks. They're automated scanners hitting every IP on the internet, looking for weak credentials.
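A per-IP tally like the one above can be reproduced from a server's own sshd logs. The following is an added example, not code from the original post or from Prometheus AI. It assumes OpenSSH's syslog message format with password authentication enabled; the log lines are constructed, and `summarize` and `min_users` are hypothetical names.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH's syslog format (documentation-range addresses).
SAMPLE_LOG = """\
Jan 15 03:12:01 vps1 sshd[2211]: Failed password for root from 203.0.113.10 port 40122 ssh2
Jan 15 03:12:03 vps1 sshd[2213]: Failed password for invalid user admin from 203.0.113.10 port 40130 ssh2
Jan 15 03:12:05 vps1 sshd[2215]: Failed password for invalid user postgres from 203.0.113.10 port 40138 ssh2
Jan 15 03:12:06 vps1 sshd[2216]: Failed password for invalid user oracle from 203.0.113.10 port 40144 ssh2
Jan 15 03:12:09 vps1 sshd[2219]: Failed password for invalid user ubuntu from 198.51.100.23 port 51812 ssh2
Jan 15 03:12:11 vps1 sshd[2221]: Failed password for root from 198.51.100.23 port 51820 ssh2
Jan 15 03:13:40 vps1 sshd[2230]: Accepted publickey for deploy from 192.0.2.44 port 50022 ssh2
Jan 15 03:14:02 vps1 sshd[2241]: Failed password for invalid user a from 192.0.2.44 port 1 ssh2 from 198.51.100.23 port 51901 ssh2
"""

# The user name is remote-supplied text, so match it greedily and anchor on the
# end of the line: the address sshd itself appended is the last "from ... port".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def summarize(log_text, min_users=3):
    """Return ([(ip, failed_count), ...] most active first, [ips trying >= min_users names])."""
    attempts = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated messages are ignored
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # not a literal address; skip rather than trust the field
        attempts[ip] += 1
        users[ip].add(m.group("user"))
    cycling = sorted(ip for ip, names in users.items() if len(names) >= min_users)
    return attempts.most_common(), cycling

if __name__ == "__main__":
    ranked, cycling = summarize(SAMPLE_LOG)
    for ip, count in ranked:
        print(f"{ip:<16} {count} failed logins")
    print("cycling usernames:", cycling)
```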

DDoS Detection

On one server, we caught 5 DDoS attempts. The agent detected abnormal traffic patterns and flagged them before they could cause problems.

Real-time traffic monitoring lets you see bandwidth spikes the moment they happen - not hours later when you're reviewing logs.

What This Means

If you're running servers without visibility into what's hitting them, you're flying blind. This wasn't a honeypot designed to attract attacks. These were standard VPS instances that happened to be monitored.

Every server you run is getting probed like this. The question is whether you know about it.

Try It Yourself

DDoS monitoring is live now. One command to install, real-time dashboard to see everything.

Looking for beta testers running game servers or anything that gets targeted regularly. Sign up here or DM me on Discord.