Don't Be a Sitting Duck!


Script kiddies and their automated brute-force tools probe FTP servers and SFTP servers (SFTP runs over SSH) around the clock.  IT administrators have gotten used to these probes, and smart ones have already enabled IP lockouts on their perimeter servers.  (In Serv-U FTP Server, this setting is on the "Server Settings" pane.)  A lockout only slows a probe down, though: an attacker with a botnet simply spreads the attempts across many source addresses, so each one stays under the lockout threshold.

That is why the usernames themselves matter.  There are a number of "well known" usernames that should never be used as usernames on FTP servers and SFTP servers, because they are the first names every attack script tries.


10. administrator -  Very popular in Windows environments.  Don't use it on your FTP server.

9. oracle - Companies that like to write big checks to Larry often cut corners elsewhere to make the payments.  Don't follow the herd and use "oracle" on systems that connect to the enterprise database.

8. mysql - Don't use the names of other databases or back-end infrastructure either. (Also avoid "sa", "sqlserver", "nas", "postgres", etc.)

7. user - Popular test account, often set up with too many permissions, and one that often survives the move from the evaluation environment to production.

6. guest - "Sure, c'mon in.  You can use the bathroom, the phone and my checkbook."

5. apache - It's also common to see people name accounts after the web application they support with their FTP or SFTP services. (Also avoid "iis", "serv-u", "nginx", "www", etc.)

4. info - I'm honestly stumped on why "info" is popular (if you know, tell me in the comments), but it is.

3. test - "It's just a test account.  I promise I'll delete it - soon."

2. admin - Tempting to use in web applications (including Serv-U) because it's so short. Pick usernames like "[your initials]admin" instead, so the name is not on the generic list that script kiddies feed into their tools.

1. root - By far, the most popular attack target.  If you're building a honeypot, include root.  If not, don't.
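The two defenses above, IP lockout and keeping well-known names off the server, are easy to check for yourself. The following is an added example (not code from the original post and not Serv-U's own lockout logic): it parses constructed OpenSSH-style auth-log lines, applies a sliding-window lockout rule, reports which well-known names each source tried, and audits an account list against the usernames in this post. The lockout threshold and window, the log format, the fixed year for the syslog timestamps, and the sample hostnames and addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The "well known" usernames from the list above, plus the aliases the list mentions.
WELL_KNOWN_USERNAMES = {
    "root", "admin", "test", "info", "apache", "guest", "user", "mysql",
    "oracle", "administrator", "sa", "sqlserver", "nas", "postgres",
    "iis", "serv-u", "nginx", "www",
}

# Constructed sample lines in OpenSSH auth-log style (not real logs; the
# hostname and addresses are documentation values, not real attackers).
SAMPLE_LOG = """\
Mar  3 10:00:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar  3 10:00:03 bastion sshd[2202]: Failed password for root from 203.0.113.7 port 51014 ssh2
Mar  3 10:00:05 bastion sshd[2203]: Failed password for invalid user test from 203.0.113.7 port 51016 ssh2
Mar  3 10:00:06 bastion sshd[2204]: Failed password for invalid user oracle from 203.0.113.7 port 51018 ssh2
Mar  3 10:00:09 bastion sshd[2205]: Failed password for invalid user info from 203.0.113.7 port 51020 ssh2
Mar  3 10:01:12 bastion sshd[2210]: Failed password for jsmith from 198.51.100.4 port 40110 ssh2
Mar  3 10:01:40 bastion sshd[2211]: Accepted publickey for jsmith from 198.51.100.4 port 40112 ssh2
Mar  3 10:30:00 bastion sshd[2290]: Failed password for invalid user guest from 192.0.2.9 port 33001 ssh2
"""

# Matches only failed password attempts; "invalid user" marks names that do
# not exist on the box at all, which is exactly what username probing looks like.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failed_logins(text, year=2024):
    """Return (timestamp, username, source_ip) for each failed-login line.
    Syslog timestamps carry no year, so one is assumed (parameter `year`)."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def lockout_decisions(events, threshold=3, window=timedelta(minutes=5)):
    """Sliding-window IP lockout: an IP is locked the moment it reaches
    `threshold` failures within `window`. Returns {ip: time the rule fired}.
    The threshold and window are assumed values, not Serv-U's defaults."""
    times_by_ip = defaultdict(list)
    for ts, _user, ip in sorted(events):
        times_by_ip[ip].append(ts)
    locked = {}
    for ip, times in times_by_ip.items():
        for i in range(threshold - 1, len(times)):
            if times[i] - times[i - threshold + 1] <= window:
                locked[ip] = times[i]
                break
    return locked


def probe_summary(events):
    """Per source IP: total failures and which well-known usernames it tried.
    A source that only ever tries names from the list is a scanner, not a
    user who mistyped a password."""
    summary = defaultdict(lambda: {"failures": 0, "well_known": set()})
    for _ts, user, ip in events:
        summary[ip]["failures"] += 1
        if user.lower() in WELL_KNOWN_USERNAMES:
            summary[ip]["well_known"].add(user.lower())
    return dict(summary)


def risky_accounts(account_names):
    """Audit an account list exported from the server: return the names that
    appear on the well-known list (case-insensitive), i.e. the ones to rename."""
    return sorted(a for a in account_names if a.lower() in WELL_KNOWN_USERNAMES)


if __name__ == "__main__":
    events = parse_failed_logins(SAMPLE_LOG)
    for ip, when in lockout_decisions(events).items():
        print(f"lock out {ip} (rule fired at {when:%H:%M:%S})")
    for ip, info in probe_summary(events).items():
        print(f"{ip}: {info['failures']} failures, well-known names tried: "
              f"{sorted(info['well_known']) or 'none'}")
    print("accounts to rename:", risky_accounts(["jsmith", "Admin", "ftpuser", "www"]))
```

On the sample input, the scanner at 203.0.113.7 is locked out after its third failure and is the only source that tried names from the list in bulk; the single failure from 198.51.100.4 followed by a successful key login is a real user, and the lockout rule correctly leaves it alone. Note that the lone "guest" attempt from 192.0.2.9 never trips the per-IP rule, which is the distributed case the post warns about: the only defense left against that probe is not having a "guest" account at all.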


Other Usernames to Avoid


Did I miss some of the usernames you expected to see?  If so, tell me about them in the comments section below.