Some information to read.
A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks.
We configured five cloud servers on Linode and Digital Ocean with the root password set to “password.”* The idea was to see how long it would take before the servers were hacked.
Continued at: https://blog.sucuri.net/2016/09/ssh-...g-to-ddos.html
Any thoughts on this blog post?