I would say that every attacker I've ever encountered was dumb in the sense that it's a bot just scanning around. For ssh, I'm amazed by 2 things - 1, how quick a new server with 22 open on a public IP will be found and attempted to be compromised by brute force guessing, and 2, how changing the port (even to an obvious one like 2222) will eliminate all that noise.
I suppose you could say that the attackers are filtering out anyone who has done some basic hardening, but I suspect the truth is mostly more mundane - the attackers just aren't that motivated/clever; at least the ones who mass scan the internet trying to compromise ssh.
I suppose you could say that the attackers are filtering out anyone who has done some basic hardening, but I suspect the truth is mostly more mundane - the attackers just aren't that motivated/clever; at least the ones who mass scan the internet trying to compromise ssh.