Bob Hoffman wrote: > Okay, I have a server connected to the net but have not added fail2ban or > anything on top of my firewall yet. > > Thought you guys might get a kick out of this one user, ip is from china, > who has got a heck of a knack for making assumptions on possible usernames. > > Enjoy this..., 8000+ attempts. Scroll down for funky ones. I have no root > access enabled on this server and it is pretty bare. Just using it as a > collector of banable ips right now and it is doing a good job. > But some of these are quite interesting when you look at the keyboard > layout. They really must try to figure this mental thing out...wow. > > If you take some time, there are some down right funny usernames like > > 1am0nly4Joomla > Igor > scoobydoo > $chooLg1rL > > So for all you out there that think your cool way of making a username is > unique and not to be guessed, you might want to look at some of the lengths > this one bot went to. > > 58.53.192.47: 8002 times > test/password: 48 times > user/password: 45 times > fax/password: 43 times > www/password: 34 times > info/password: 27 times > /password: 24 times > bill/password: 24 times > httpd/password: 23 times > 1q2w3e/password: 21 times > admin/password: 21 times > > <snip the other 7995 > I think that would definitely classify as a dictionary attack.. but what dictionary has all those kinds of entries :) Sam