One common and stupidly simple way hosts are compromissed is weak SSH passwords. You would think people have learned by now, but evidently there are still enough systems with root passwords like 12345 around to make scanning for them a worthwhile exercise.
As a result, one of my favorite honeypot tools is kippo, and we have talked about the tool before. I figured it is a good time again to write a quick update on some recent compromisses