• Break in attempt

    From Ward Dossche@2:292/854 to All on Wed Mar 6 13:36:36 2024
    This was funny, someone tried to break into my account with thousands and thousands multiple attempts with differing passwords ... really interesting to observe ... here's an example ...

    \%/@rd

    "anonymous"
    "123456"
    "admin"
    "root"
    "password"
    "123123"
    "123"
    "pass1234"
    "ftp"
    "ftpftp"
    "ftp1"
    "ftp123"
    "ftp2016"
    "ftp2015"
    "ftp!"
    ""
    "P@ssw0rd!!"
    "qwa123"
    "12345678"
    "test"
    "123qwe!@#"
    "123456789"
    "123321"
    "1314520"
    "159357"
    "ftp2017"
    "666666"
    "woaini"
    "fuckyou"
    "000000"
    "1234567890"
    "8888888"
    "qwerty"
    "1qaz2wsx"
    "abc123"
    "abc123456"
    "1q2w3e4r"
    "123qwe"
    "ftp2019"
    "ftp2018"
    "p@ssw0rd"
    "p@55w0rd"
    "password!"
    "p@ssw0rd!"
    "password1"
    "r00t"
    "tomcat"
    "5201314"
    "system"
    "pass"
    "1234"
    "12345"
    "1234567"
    "devry"
    "111111"
    "admin123"
    "derok010101"
    "windows"
    "email@email.com"
    "qazxswedc`123"
    "qwerty123456"
    "qazxswedc"

    --- DB4 - 20230201
    * Origin: Many Glacier - Preserve / Protect / Conserve (2:292/854)
  • From Wilfred van Velzen@2:280/464 to Ward Dossche on Wed Mar 6 13:48:42 2024
    Hi Ward,

    On 2024-03-06 13:36:37, you wrote to All:

    This was funny, someone tried to break into my account

    "account"? For what service?

    with thousands and thousands multiple attempts with differing
    passwords ... really interesting to observe ...

    Nothing new...

    root@ubuntu:/var/log# grep 'Invalid user' auth.log | wc -l
    26865

    This is for a period of 3,5 days on a public server. They are all ssh login attempts with password authentication, which will never work even if they correctly "guessed" a user and password combination, because only authentication with keys is allowed on this server.

    I see the same on all public servers I administer.


    Bye, Wilfred.

    --- FMail-lnx64 2.2.1.1
    * Origin: FMail development HQ (2:280/464)
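The `grep 'Invalid user' | wc -l` count above, taken a step further as an added example (not part of any post in this thread): it breaks the attempts down by source address and checks that no login succeeded without a key. It assumes the OpenSSH syslog line format; the log lines, addresses and account names are constructed.

```shell
#!/bin/sh
# Added example. sample_log is constructed (OpenSSH syslog format,
# documentation-range addresses, made-up account names), not thread data.
sample_log() {
cat <<'EOF'
Mar  6 13:36:01 ubuntu sshd[1001]: Invalid user admin from 203.0.113.5 port 51234
Mar  6 13:36:02 ubuntu sshd[1001]: Connection closed by invalid user admin 203.0.113.5 port 51234 [preauth]
Mar  6 13:36:09 ubuntu sshd[1002]: Invalid user ftp from 203.0.113.5 port 51240
Mar  6 13:36:15 ubuntu sshd[1003]: Invalid user test from 198.51.100.7 port 40022
Mar  6 13:36:20 ubuntu sshd[1004]: Connection closed by authenticating user root 198.51.100.7 port 40030 [preauth]
Mar  6 13:37:02 ubuntu sshd[1005]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2: ED25519 SHA256:CONSTRUCTED
Mar  6 13:37:40 ubuntu sshd[1006]: Invalid user admin from 203.0.113.9 port 33100
EOF
}

# Guesses against account names that do not exist: the same count as the grep
# in the post. The match is case-sensitive, so the follow-up
# "Connection closed by invalid user ..." lines are not counted twice.
invalid_user_count() { grep -c 'Invalid user' || true; }

# Attempts per source address, busiest first, printed as "count address".
# The address is read from the end of the line ($(NF-2)) because the guessed
# user name is supplied by the client and may be empty or contain spaces.
top_sources() {
  awk '/sshd\[[0-9]+\]: Invalid user / { n[$(NF-2)]++ }
       END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Successful logins that did not use a key. On a key-only server this prints
# nothing; any line here means a password-style login was accepted.
non_key_logins() {
  grep -E 'sshd\[[0-9]+\]: Accepted (password|keyboard-interactive/pam) for ' || true
}

# Stand-alone run on the sample. On a real host, feed the log instead, e.g.
#   invalid_user_count < /var/log/auth.log
echo "invalid-user attempts: $(sample_log | invalid_user_count)"
sample_log | top_sources
echo "non-key logins: $(sample_log | non_key_logins | wc -l)"
```

On the server itself, `sshd -T | grep -i passwordauthentication` (run as root) prints the effective setting, which should read `passwordauthentication no` for a key-only host.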
  • From Ward Dossche@2:292/854 to Wilfred van Velzen on Wed Mar 6 14:10:00 2024
    Wilfred,

    This was funny, someone tried to break into my account

    "account"? For what service?

    Private account, private server delivering services to the gymnastics community.

    \%/@rd

    --- DB4 - 20230201
    * Origin: Many Glacier - Preserve / Protect / Conserve (2:292/854)
  • From Christian Vanguers@2:292/2226 to Ward Dossche on Tue Mar 12 15:20:54 2024

    Hello Ward!

    06 Mar 24 13:36, you wrote to all:

    This was funny, someone tried to break into my account with thousands
    and thousands multiple attempts with differing passwords ... really interesting to observe ... here's an example ...

    \%/@rd

    "anonymous"
    "123456"
    "admin"
    "root"
    "password"
    "123123"
    "123"

    Clearly a dictionary attack. Very likely the popular "rockyou" wordlist that every budding hacker is taught to use.
    The wordlist contains the passwords from the many data leaks over the years and it's the very first list they will usually try on a target.

    # zcat /usr/share/wordlists/rockyou.txt.gz | wc -l
    14344392

    Chris


    --- GoldED+/LNX 1.1.5--b20170303
    * Origin: ----> SPARK BBS (2:292/2226)