This map shows the geolocations associated with the IP addresses that have attempted to illegally access my SSH server. The map is updated hourly and uses data from the last 4 days. Each circle represents an IP address, and the size of the circle reflects the number of attempts that IP address has made.
Hold on, this map doesn't necessarily tell you who is authorizing these attacks. The attacks could be originating from rented servers on a hosting service like AWS or from compromised computers in a botnet. Hackers, spammers, and other criminals use these techniques to help cover their tracks and prevent their identities from being discovered. It would be very stupid for a criminal to launch attacks from their home IP address. That being said, you never know.
In most Linux-based operating systems, the file /var/log/auth.log stores all the authentication attempts on your computer. So, all I do is run through this file looking for log events such as:
May 20 11:51:06 MyComputer sshd: User root from 18.104.22.168 not allowed because not listed in AllowUsers
This is a fairly common log entry that you might find. The IP 18.104.22.168 is attempting to log in as the user root. On my server, I banned the user root from being used over SSH; however, that doesn't stop nefarious individuals from trying. Gaining access to a computer without the permission of its owner is illegal under U.S. Code § 1030, otherwise known as the Computer Fraud and Abuse Act. That's why I consider this log entry to be a single attack attempt originating from the IP address 18.104.22.168.
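A sketch of the counting step described above, added here as an example and not the author's own script: it tallies rejected SSH logins per source IP over the 4-day window that sizes the circles. The function name `count_attempts`, the two sshd message patterns it matches, and the sample lines (documentation-range addresses) are assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# Syslog prefix: "May 20 11:51:06 host sshd:" or "... sshd[1234]:".
PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd(?:\[\d+\])?: (?P<msg>.*)$")
# Rejection messages counted as one attempt each (assumed set). The username is
# attacker-chosen text, so the greedy ".*" binds the match to the LAST " from <ip>".
REJECTED = re.compile(
    r"^(?:User .* from (?P<a>\S+) not allowed because "
    r"|Invalid user .* from (?P<b>\S+)(?: port \d+)?$)"
)

def count_attempts(lines, now, window=timedelta(days=4)):
    """Return a Counter {ip: attempts} for rejected logins inside the window."""
    counts = Counter()
    for line in lines:
        pre = PREFIX.match(line.strip())
        hit = pre and REJECTED.match(pre["msg"])
        if not hit:
            continue
        try:
            # Syslog timestamps carry no year: assume the current one and roll
            # back a year if that lands in the future (December read in January).
            when = datetime.strptime(f"{now.year} {pre['ts']}", "%Y %b %d %H:%M:%S")
            if when > now:
                when = when.replace(year=when.year - 1)
            ip = ipaddress.ip_address(hit["a"] or hit["b"])
        except ValueError:
            continue  # unparseable date, or a hostname/junk token instead of an IP
        if now - when <= window:
            counts[str(ip)] += 1
    return counts

# Constructed sample in the auth.log format quoted above.
SAMPLE = """\
May 20 11:51:06 MyComputer sshd: User root from 203.0.113.7 not allowed because not listed in AllowUsers
May 20 11:52:10 MyComputer sshd[2211]: Invalid user admin from 203.0.113.7 port 40022
May 20 12:03:44 MyComputer sshd[2215]: Invalid user x from 192.0.2.1 from 198.51.100.9 port 51514
May 20 12:05:00 MyComputer sshd[2216]: Accepted publickey for alice from 192.0.2.50 port 50000 ssh2
May 14 09:00:00 MyComputer sshd[1999]: Invalid user test from 198.51.100.23 port 4000
""".splitlines()

if __name__ == "__main__":
    for ip, n in count_attempts(SAMPLE, datetime(2024, 5, 21)).most_common():
        print(ip, n)
```

The third sample line carries a username containing " from 192.0.2.1"; the count is attributed to the address sshd itself appended, not the one embedded in the username.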
Honestly, I have no idea. My guess is that the organizations or individuals that conduct these attacks figure that the very small probability, yet potentially large payout, of gaining access to a poorly configured server is enough to offset the low cost of operating these attacks. Of course, these brute-force attacks are mostly a waste of time.
I don't know. Why are you asking me?