2025 we had 1.5 million(!) attempts at logging into medic.cafe (our Fediverse server) from Russian, North Korean, and Chinese actors.
That’s 4100 per day, 171 per hour, 2.8 per Minute.
All of them trying to either directly dump payloads, exploit known issues with third party software (MongoDB right now), or brute force admin passwords.
This is not accounting for VPN’d connections and compromised servers in the US, Europe, or elsewhere in the world. JUST the ones with Russian, NK, or Chinese IP addresses. And, of course, it could also be Berlin based bad actors using compromised servers in Russia or China, but I’d hedge a bet that the former (them using compromised US systems) is more than the latter.
