Nothing really new here, but I thought this was interesting and maybe someone will learn from this. If you think “P@$$w0rd” is a good password, you should definitely learn from this (and change your password).
There’s a botnet that’s been particularly active recently trying to bruteforce passwords. As in, many, many times more active than the usual bruteforce activity I see on my servers. I don’t know if it’s the same botnet that Synology has been warning about lately, but either way, it’s a global botnet that is trying a lot of passwords. I’ve been watching it try to crack into my mail server for a few days now. Good practices include:
- Using strong passwords for anything that faces the Internet
- Using a bruteforce detection system like CSF/LFD or fail2ban to block IPs that will otherwise hammer your server all day (if you run a server)
Below is a list of about 500 passwords this botnet tried over the course of a few hours today. These attempts came from all over the world: China, Russia, Thailand, the United States, South Korea, Great Britain, Sweden, and Canada, to name a few (which is why blocking countries doesn’t help much – it’s easy to bypass those blocks with a VPN or a botnet).
None of these is anything close to any of my actual passwords (“admin”? really!?), but if you’ve ever set up a service and created a quick password resembling any of those below that you promise you’ll change later, don’t do that.
Notice that at quick glance, no password was attempted more than twice. That tells me there’s a control server somewhere telling the botnet what to do and keeping track of the results of the attempts. Otherwise I’d expect to see more duplicates if it was just hundreds of machines running a brute force script with the same internal logic.
Just keep in mind that while you’re at work, sleeping, or out having fun, there are machines all over the world quietly trying to guess your passwords, 24 hours a day. So keep them strong. I’ve worked in web development and system administration for decades, and I still know people who choose passwords like this.
Oh, and 12345? I’ve got the same combination on my luggage!
| !!Gre |
| !!Gre0 |
| !!Gre10 |
| !!Gre2000 |
| !!Gre2002 |
| !!Gre2002 |
| !!Gre2003 |
| !!Gre2005 |
| !!Gre2005 |
| !!Gre2006 |
| !!Gre2011 |
| !!Gre2013 |
| !!Gre2015 |
| !!Gre2016 |
| !!Gre4 |
| !!greg |
| !!greg |
| !!Greg1 |
| !!Greg10 |
| !!Greg123456 |
| !!Greg2006 |
| !!Greg2007 |
| !!Greg2011 |
| !!Greg2017 |
| !!Greg2020 |
| !!Greg4 |
| !!greghausman |
| !!Greghausman11 |
| !!Greghausman2 |
| !!Greghausman2004 |
| !!Greghausman2011 |
| !!Greghausman2013 |
| !!Greghausman2018 |
| !!Greghausman2020 |
| !!hausman |
| !!Hausman1234 |
| !!Hausman2 |
| !!Hausman2001 |
| !!Hausman2003 |
| !!Hausman2004 |
| !!Hausman2006 |
| !!Hausman2008 |
| !!Hausman2008 |
| !!Hausman2012 |
| !!Hausman2013 |
| !!Hausman2013 |
| !!Hausman2014 |
| !!Hausman2015 |
| !!Hausman2015 |
| !!Hausman2016 |
| !!Hausman2018 |
| !!Hausman2021 |
| !!Hausman2021 |
| !!Hausman4 |
| !!Hausman6 |
| !!Hausman9 |
| !!Hausmanabc123 |
| !!Reg1 |
| !!Reg10 |
| !!Reg2003 |
| !!Reg2010 |
| !!Reg2011 |
| !!Reg2011 |
| !!Reg2014 |
| !!Reg2014 |
| !!Reg2016 |
| !!Reg2020 |
| !!Reg4 |
| !!Reg5 |
| !Gre11 |
| !Gre12 |
| !Gre123123 |
| !Gre2 |
| !Gre2000 |
| !Gre2003 |
| !Gre2004 |
| !Gre2009 |
| !Gre2015 |
| !Gre5 |
| !Gre8 |
| !Greabc123 |
| !greg |
| !Greg0 |
| !Greg1 |
| !Greg1234 |
| !Greg123456 |
| !Greg2008 |
| !Greg2011 |
| !Greg2012 |
| !Greg3 |
| !Greg4 |
| !Greg7 |
| !Greg9 |
| !Greghausman2 |
| !Greghausman2003 |
| !Greghausman2004 |
| !Greghausman2007 |
| !Greghausman2007 |
| !Greghausman2013 |
| !Greghausman5 |
| !Greghausman5 |
| !Greghausmanabc |
| !Hausman1 |
| !Hausman10 |
| !Hausman123456 |
| !Hausman2001 |
| !Hausman2002 |
| !Hausman2004 |
| !Hausman2004 |
| !Hausman2005 |
| !Hausman2006 |
| !Hausman2007 |
| !Hausman2017 |
| !Hausman2017 |
| !Hausman2020 |
| !Hausman2021 |
| !Hausmanabc123 |
| !reg |
| !Reg2002 |
| !Reg2003 |
| !Reg2006 |
| !Reg2009 |
| !Reg2010 |
| !Reg2016 |
| !Reg3 |
| !Reg8 |
| 111111 |
| 123123 |
| 123321 |
| 123321 |
| 1234 |
| 12345 |
| 12345 |
| 123456 |
| 1234567 |
| 12345678 |
| 123456789 |
| 1234567890 |
| 12qwaszx |
| 12qwaszx |
| 1q2w3e |
| 1q2w3e |
| 1q2w3e4r |
| 1q2w3e4r5t |
| 1qaz2wsx |
| 1qaz2wsx |
| 3laneads |
| 54321 |
| 654321 |
| 666666 |
| 7654321 |
| 7777777 |
| 8eppMb0vchJN |
| 987654321 |
| Aa11111111 |
| abc123 |
| abc123 |
| Abc123 |
| abcd1234 |
| Abcd1234 |
| accounts |
| accounts |
| Accounts |
| accounts123 |
| Accounts123 |
| admin |
| admin |
| Admin |
| admin1 |
| Admin1 |
| admin123 |
| Admin123 |
| Admin123 |
| admin1234 |
| Admin1234 |
| administrator |
| Administrator |
| Administrator |
| Aiiupmn123 |
| Anabelle |
| anabelle |
| andreas |
| Andreas |
| Ar87654 |
| books1 |
| Books1 |
| bryan1 |
| Bryan1 |
| Cannon01 |
| Capreit |
| capreit |
| capreit |
| Celeste1 |
| changeme |
| changeme |
| Changeme |
| cheeseburger |
| cheeseburger |
| Cheeseburger |
| choice1 |
| Choice1 |
| chris |
| Chris |
| contact |
| Contact |
| council12345678901 |
| Council12345678901 |
| d0l0m1te |
| d0l0m1te |
| D0l0m1te |
| D0l0m1te |
| daniel |
| daniel |
| Daniel |
| Daniel |
| dav1ds |
| Dav1ds |
| david |
| David |
| dayton21 |
| Dayton21 |
| dlcf1987 |
| Dlcf1987 |
| farrell1 |
| Farrell1 |
| gesencro1234 |
| Gesencro1234 |
| Global123 |
| Gr2001 |
| Gre |
| gre1 |
| Gre11 |
| Gre123123 |
| Gre123123 |
| gre1234 |
| Gre2001 |
| Gre2002 |
| gre2005 |
| gre2005 |
| gre2006 |
| Gre2011 |
| gre2014 |
| gre2018 |
| gre2020 |
| gre2020 |
| gre2021 |
| Greabc |
| Greg1 |
| Greg10 |
| Greg10 |
| Greg11 |
| greg12 |
| greg123 |
| Greg123123 |
| Greg12345 |
| Greg123456 |
| Greg123456 |
| Greg2 |
| Greg2003 |
| greg2006 |
| Greg2006 |
| Greg2007 |
| greg2007 |
| greg2008 |
| greg2011 |
| Greg2012 |
| Greg2013 |
| Greg2017 |
| Greg2017 |
| greg2021 |
| Greg4 |
| greg4 |
| greg5 |
| greg7 |
| greg7 |
| gregabc |
| gregabc |
| Gregh2002 |
| Gregh2004 |
| Gregha2000 |
| Gregha2003 |
| Greghau2003 |
| Greghau2004 |
| Greghaus2002 |
| Greghausm2004 |
| Greghausma2000 |
| Greghausma2002 |
| Greghausman.com |
| Greghausman0 |
| greghausman1 |
| greghausman12 |
| greghausman12 |
| greghausman123 |
| greghausman123 |
| Greghausman1234 |
| greghausman2000 |
| greghausman2000 |
| Greghausman2001 |
| Greghausman2003 |
| Greghausman2006 |
| greghausman2007 |
| Greghausman2010 |
| greghausman2013 |
| Greghausman2014 |
| Greghausman2014 |
| greghausman2014 |
| Greghausman2015 |
| Greghausman2016 |
| Greghausman2020 |
| greghausman4 |
| Greghausman5 |
| Greghausman8 |
| habo1234 |
| Habo1234 |
| Hausman0 |
| hausman0 |
| hausman0 |
| hausman10 |
| hausman123123 |
| Hausman123456 |
| Hausman2 |
| hausman2000 |
| Hausman2000 |
| Hausman2000 |
| hausman2005 |
| hausman2005 |
| hausman2015 |
| hausman2020 |
| hausman5 |
| hausmanabc123 |
| Hausmanabc123 |
| Hausmanabc123 |
| Hcisd1 |
| Hotel |
| India123 |
| india123 |
| info |
| Info |
| info01 |
| Info01 |
| info1 |
| Info1 |
| Info1 |
| info123 |
| Info123 |
| info1234 |
| Info1234 |
| info12345 |
| Info12345 |
| info2016 |
| Info2016 |
| Info2016 |
| Info2019 |
| info2019 |
| kennedy |
| Kennedy |
| leagus34 |
| Leagus34 |
| letmein |
| Letmein |
| Letmein1 |
| Letmein1 |
| letmein1 |
| Letmein123 |
| Letmein123 |
| letmein123 |
| makespace |
| Makespace |
| Manager123 |
| Manager123 |
| martin |
| martin |
| Martin |
| master123 |
| Master123 |
| Master123 |
| mendle1 |
| Mendle1 |
| michael |
| Michael |
| moldbase |
| Moldbase |
| Money3030 |
| Money3030 |
| money3030 |
| monroe |
| Monroe |
| monster1 |
| Monster1 |
| national123 |
| National123 |
| noreply |
| Noreply |
| nova123 |
| Nova123 |
| office |
| office |
| Office |
| Office |
| office1 |
| Office1 |
| Office1 |
| OutThere1 |
| P@$$w0rd |
| P@$$w0rd |
| P@ssw0rd |
| p@ssw0rd |
| p1nba11 |
| P1nba11 |
| Pa$$w0rd |
| Pa$$w0rd |
| Pass123 |
| pass123 |
| Passw0rd |
| passw0rd |
| Passw0rd! |
| Passw0rd1 |
| Passw0rd1 |
| password |
| Password |
| PASSWORD |
| Password01 |
| password01 |
| Password1 |
| password1 |
| password1123 |
| password1123 |
| Password1123 |
| Password1123 |
| Password123 |
| password123 |
| Password123! |
| Password1234 |
| password1234 |
| Password12345 |
| password12345 |
| passwort |
| Passwort |
| peanut1 |
| Peanut1 |
| postmaster |
| Postmaster |
| PP@ssw0rd@ssw0rd |
| qwerty |
| Qwerty |
| qwerty123 |
| Qwerty123 |
| ralle |
| Ralle |
| Reg |
| reg0 |
| reg10 |
| reg10 |
| reg12 |
| reg12 |
| Reg123456 |
| Reg2 |
| Reg2000 |
| Reg2001 |
| reg2001 |
| Reg2002 |
| reg2002 |
| Reg2003 |
| Reg2004 |
| Reg2007 |
| reg2012 |
| reg2015 |
| reg2020 |
| Reg7 |
| regabc |
| regabc123 |
| regabc123 |
| Regabc123 |
| richard |
| richard |
| Richard |
| sales |
| Sales |
| sales123 |
| Sales123 |
| sales1234 |
| Sales1234 |
| sandra |
| Sandra |
| service |
| Service |
| Sms123456 |
| Spoon01 |
| stanley |
| Stanley |
| stefan |
| Stefan |
| steve |
| Steve |
| support |
| Support |
| support123 |
| Support123 |
| test |
| Test |
| test123 |
| Test123 |
| test1234 |
| Test1234 |
| thomas |
| Thomas |
| Tie123456 |
| Tie123456 |
| travel1 |
| Travel1 |
| united |
| united |
| United |
| User |
| User |
| Vastwaves123 |
| vastwaves123 |
| videoplus |
| Videoplus |
| Videoplus |
| volvo |
| Volvo |
| webmaster |
| Webmaster |
| webmaster1 |
| Webmaster1 |
| welcome |
| welcome |
| Welcome |
| Welcome |
| Welcome1 |
| Welcome1 |
| welcome1 |
| Welcome123 |
| welcome123 |
| Welcome2 |
| Welcome2 |