Le mercredi 21 mars 2007 à 17:45 -0500, Arthur Pemberton a écrit :
> On 3/21/07, Nicolas Mailhot <nicolas.mailhot@xxxxxxxxxxx> wrote:
> > attackers *do* brute-force usernames, probably because root is usually
> > secured but you can hope hitting a user account with no password
> >
> > install pam_abl. It will profile the attacks for you (for exemple on my
> > system root is the most attacked user but this is dwarfed by one-shot
> > dictionary-user tries)
>
> Hence my point of havign root login off by default.
Hence my point that most attack scripts don't even care about root
anymore :) Any user account will do, and they use common username
databases
Failed users:
(1)
Not blocking
nim (1)
Not blocking
+ (1)
Not blocking
-nim (1)
Not blocking
. (1)
Not blocking
000 (1)
Not blocking
0000 (1)
Not blocking
00000 (1)
...
rooms (1)
Not blocking
rooot (2)
Not blocking
roosevelt (1)
Not blocking
root (340)
Not blocking
root-admin (5)
Not blocking
root-oliver (3)
Not blocking
root1 (1)
Not blocking
root12 (1)
Not blocking
root123 (1)
...
zuza123 (1)
Not blocking
zv (1)
Not blocking
zvfx (1)
Not blocking
zw (1)
Not blocking
zx (1)
Not blocking
zxc (1)
Not blocking
zxvf (3)
Not blocking
zy (1)
Not blocking
zz (1)
Not blocking
zzhou (1)
Not blocking
zzz (3)
Not blocking
zzzz (1)
Not blocking
édith (1)
Not blocking
éliane (1)
Not blocking
élise (1)
Not blocking
éloise (1)
Not blocking
émilie (1)
Not blocking
root (1)
Not blocking
(count is usually higher, I reseted the cache recently)
--
Nicolas Mailhot
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
