{"id":221289,"date":"2025-09-02T03:24:24","date_gmt":"2025-09-02T08:24:24","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/09\/over-16000-compromised-servers-uncovered-using-secure-shell-key-probing-method"},"modified":"2025-09-02T03:24:24","modified_gmt":"2025-09-02T08:24:24","slug":"over-16000-compromised-servers-uncovered-using-secure-shell-key-probing-method","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/09\/over-16000-compromised-servers-uncovered-using-secure-shell-key-probing-method","title":{"rendered":"Over 16,000 compromised servers uncovered using Secure Shell key probing method"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/over-16000-compromised-servers-uncovered-using-secure-shell-key-probing-method.jpg\"><\/a><\/p>\n<p>An international research team from the Max Planck Institute (MPI) for Informatics in Saarbr\u00fccken, Germany, and the Delft University of Technology in the Netherlands has developed a method to detect compromised hosts at an internet scale by probing servers with public SSH keys previously observed in attacker operations.<\/p>\n<p>This way, the team was able to identify more than 16,000 compromised hosts. Their findings have now been <a href=\"https:\/\/www.usenix.org\/system\/files\/usenixsecurity25-munteanu.pdf\" target=\"_blank\">published<\/a> at the <a href=\"https:\/\/www.usenix.org\/conference\/usenixsecurity25\" target=\"_blank\">USENIX Security Symposium 2025<\/a>, where they were awarded a Distinguished Paper Award and the Internet Defense Prize.<\/p>\n<p>Secure Shell (SSH) is one of the most common tools used to manage <a href=\"https:\/\/techxplore.com\/tags\/servers\/\" rel=\"tag\" class=\"\">servers<\/a> remotely. It provides a secure, encrypted channel between a client and a server, allowing users to log in, execute commands, and transfer files safely. SSH is widely used by system administrators and developers for maintaining and configuring remote systems.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An international research team from the Max Planck Institute (MPI) for Informatics in Saarbr\u00fccken, Germany, and the Delft University of Technology in the Netherlands has developed a method to detect compromised hosts at an internet scale by probing servers with public SSH keys previously observed in attacker operations. This way, the team was able to [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1625,418,1492],"tags":[],"class_list":["post-221289","post","type-post","status-publish","format-standard","hentry","category-encryption","category-internet","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/221289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=221289"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/221289\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=221289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=221289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=221289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}