The address 66.249.28.125 is in the DenyHosts database at www.denyhosts.net

Daniel Norton wrote:
> FYI, there's an active ssh hacker at 66.249.28.125. RDNS shows this
> as canyondesigngroup.com . I contacted them Canyon at +1 818 487-9611
> and the person claiming to have knowledge of their network said that
> he was aware of the breach, that he had control of the site and that
> he refused to shut down the site.
>
> These are all the IP addresses I can easily find that are associated
> with canyondesigngroup.com :
>
> 66.249.28.125
> - A record for dancingshiva.com
> - A record for mail.dancingshiva.com
> - RDNS to canyondesigngroup.com
>
> 72.47.195.42
> - A record for canyondesigngroup.com
> - A record for www.canyondesigngroup.com
>
> 207.47.115.125
> - A record for mail.canyondesigngroup.com
> - RDNS to mail.canyondesigngroup.com
>
> 66.253.51.90
> - A record for mail2.canyondesigngroup.com
> - RDNS to dsl253-051-090.lax1.dsl.speakeasy.net

Looks like time to talk to speakeasy.net, doesn't it?