I started this blog last summer and have been learning a bit about the challenges webmasters must contend with. One of those challenges is login attempts. I wrote about it in a previous post. For a few months now, I have noticed a number of such attempts. At first it was a single IP address. I then began to notice what I believe is a bot-fleet attack.
The clue came in the form of the passwords themselves. My security plugin only alerts me to the alleged IP address and the login name. I modified the script to keep track of the passwords being used because I was curious about what passwords they were trying. I have posted the results here. I have chosen to remove various R-rated passwords that were originally in the list. You can see near the beginning of the list when several years such as 1985, 1986, and 1987 are tried, all from different IP addresses. It is possible that the IPs have been spoofed but I have no reason to believe that’s the case.
It would be a very good idea to make sure the passwords you use on any site isn’t anything like the ones that are on that list. I thought it was interesting to see that almost all the passwords have only numbers and lowercase letters. Good practice (by today’s standards) says passwords should be at least 8 characters and a combination of uppercase, lowercase, numbers, and special characters (such as @ and #). There are many websites that give suggestions so I won’t go into them here. The first site that came up when I searched “passwords best practice” on Google was a blog entry at Total Defense which has some good tips.