Re: SSH Exploit: Common Accounts

From Joe Beanfish <joebeanfish@nospam.duh>
Newsgroups comp.os.linux.security
Subject Re: SSH Exploit: Common Accounts
Date 2017-10-05 13:39 +0000
Organization A noiseless patient Spider
Message-ID <or5cmn$jo7$1@dont-email.me>
References <Xns97A1E4DA29EFFdontmailmecom@208.49.80.124> <473ab69e-71b1-48fe-8738-29046ea5b2c7@googlegroups.com>


On Wed, 04 Oct 2017 18:57:25 -0700, alla3002070 wrote:
> On Tuesday, 11 April 2006, 09:29:49 UTC+4, Mungo wrote:
>> Think that the ssh crackers only go after simple common account names? 
>> Think again. Here is a list of the account names used in 85% of crack tries 
>> we saw over the last two weeks. "root" and "admin" together accounted for 
>> 25%.
>>   
>> 1    	2005    	20admin    	20info    	20jobs    	20mail    	2qjj4toi
>> a    	a2    	abramenko    	academy   	accept    	adam    	adine
>> admin    	administrator    	Administrator    	aiaetn    aleksandrova
>> alekseeva    	alex    	alias    	andrea    	andres    	andrew
>> andrianov    	antonov    	apryatin    	arapova    	art
>> asen    	author    	b    	backup    	backups    	c    	calendar
>> captain    	captn    	compile    	cross    	cyrus    	d
>> delta    	directory    	distributions    	dmoran    	e    	eff
>> eike    	ejohns    	elena    	elf    	elfi    	eliane    	ervers-mail
>> executables    	f    	fax    	fluffy    	ftp    	g    	glloyd
>> guest    	hacker    	hacker2k    	i    	ibm    	imation   
>> imbroglio    	jack    	james    	jjmul    	jmarsden    	khans
>> leo    	logged    	marvin    	max    	mule    	mvlahos
>> mysql    	nobody    	office    	olga    	oracle    	patrick
>> pgsql    	poq    	postgres    	providerprof    	publicidad
>> qwerty    	recruit    	root    	sales    	samba    	scanner
>> security    	settings    	slackware    	staff    	stu
>> student    	student1    	student2    	student3    	student4
>> test    	tester    	testing    	testuser    	thisisnotyourexploit
>> tomcat    	trial    	upload    	uploader    	user    	webmaster
>> zeppelin

These are the ones I saw most frequently before I went to IP whitelisting:

a       
admin   
administrator
administraator
bergetg 
bigsky  
blank   
cisco   
comcast 
default 
D-Link  
Fake    
fax     
fld     
fluffy  
git     
guest   
iclock  
info    
invalid 
manager 
oracle  
pi      
PlcmSpIp
postgres
public  
smtp    
somesecguy
sql     
support 
tech    
tecmint 
test    
ubnt    
ubuntu  
username
vagrant 
vyatta  
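
An added example, not part of the original posts: one way a defender can produce a tally like the ones above from sshd's own log. It assumes OpenSSH's "Failed password for ..." syslog format; the sample lines are constructed and use documentation IP addresses.

```python
import re
from collections import Counter

# OpenSSH "Failed password" line. The greedy user group keeps names that
# contain spaces or a forged " from ..." substring in one piece.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

# Constructed sample log (not real data); names taken from the lists above.
SAMPLE_LOG = """\
Oct  5 13:01:02 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Oct  5 13:01:05 host sshd[1002]: Invalid user admin from 203.0.113.7 port 40002
Oct  5 13:01:07 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Oct  5 13:01:09 host sshd[1003]: Failed password for invalid user oracle from 198.51.100.9 port 40003 ssh2
Oct  5 13:01:11 host sshd[1004]: Failed password for invalid user pi from 198.51.100.9 port 40004 ssh2
Oct  5 13:01:13 host sshd[1005]: Failed password for invalid user ubnt from 198.51.100.9 port 40005 ssh2
Oct  5 13:01:15 host sshd[1006]: Failed password for postgres from 203.0.113.7 port 40006 ssh2
Oct  5 13:01:17 host sshd[1007]: Failed password for invalid user test from 203.0.113.7 port 40007 ssh2
Oct  5 13:01:19 host sshd[1008]: Failed password for invalid user guest from 203.0.113.7 port 40008 ssh2
"""

def tally_usernames(log_text):
    """Return (Counter of tried names, set of tried names that exist locally)."""
    tried, existing = Counter(), set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # also skips "Invalid user" lines, so no double counting
        tried[m["user"]] += 1
        if not m["invalid"]:
            existing.add(m["user"])  # real account: worth reviewing first
    return tried, existing

def share(tried, names):
    """Percentage of all failed attempts that used one of the given names."""
    total = sum(tried.values())
    return 100.0 * sum(tried[n] for n in names) / total if total else 0.0

if __name__ == "__main__":
    tried, existing = tally_usernames(SAMPLE_LOG)
    for user, count in tried.most_common():
        note = "exists" if user in existing else "no such account"
        print(f"{count:4d}  {user}  ({note})")
    print(f"root+admin share: {share(tried, ['root', 'admin']):.0f}%")
```

Names reported without "invalid user" are accounts that exist on the host, which makes them the ones to check for password login or to restrict first.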
