Someone was bored last night

Leave a comment

More and more lately I've watched boneheads on the internet try to break into my web servers.  On some days there are no attempted hacks and on other days there are literally hundreds by the same person (based on IP address).  To give you a little idea of how dumb some of these would-be hackers really are, I thought I'd post a portion of the security log to quantify the lack of intelligence at play here.

The humor in this particular set of log entries can be found in some of the names used.

For instance, you'll notice they tried to login as "sybase."  Sybase is a database software and it's shown clearly at the bottom of my web pages that I use MySQL for my database services, so that had to have been a typo, right?  They did also try the "mysql" user ID, so perhaps they were just being thorough.

There's also a whole list of proper names (like Adam, Alan, Frank, George, Pam and Patrick), but none of those are valid either.  The funny thing with this is that the sites and servers are registered to me — and my name is Jason — yet at no time did they try that user ID.  It wouldn't have helped since there is no user named "jason" on the servers, but they didn't know that.

This time they tried 856 times to get logged in.  As I said, someone was apparently bored.

I just thought it was interesting enough to post.  Perhaps my little friend from Italy (that's where this hacker was coming from) will come see that I was so impressed by his efforts that I decided to save it for posterity's sake.

 

account/password from 82.91.207.3: 8 Time(s)
adam/password from 82.91.207.3: 8 Time(s)
adm/password from 82.91.207.3: 16 Time(s)
alan/password from 82.91.207.3: 8 Time(s)
apache/password from 82.91.207.3: 8 Time(s)
backup/password from 82.91.207.3: 8 Time(s)
cip51/password from 82.91.207.3: 8 Time(s)
cip52/password from 82.91.207.3: 8 Time(s)
cosmin/password from 82.91.207.3: 8 Time(s)
cyrus/password from 82.91.207.3: 8 Time(s)
data/password from 82.91.207.3: 8 Time(s)
frank/password from 82.91.207.3: 8 Time(s)
george/password from 82.91.207.3: 8 Time(s)
henry/password from 82.91.207.3: 8 Time(s)
horde/password from 82.91.207.3: 8 Time(s)
iceuser/password from 82.91.207.3: 8 Time(s)
irc/password from 82.91.207.3: 16 Time(s)
jane/password from 82.91.207.3: 8 Time(s)
john/password from 82.91.207.3: 8 Time(s)
master/password from 82.91.207.3: 8 Time(s)
matt/password from 82.91.207.3: 8 Time(s)
mysql/password from 82.91.207.3: 8 Time(s)
nobody/password from 82.91.207.3: 8 Time(s)
noc/password from 82.91.207.3: 8 Time(s)
operator/password from 82.91.207.3: 8 Time(s)
oracle/password from 82.91.207.3: 8 Time(s)
pamela/password from 82.91.207.3: 8 Time(s)
patrick/password from 82.91.207.3: 16 Time(s)
rolo/password from 82.91.207.3: 8 Time(s)
root/password from 82.91.207.3: 472 Time(s)
server/password from 82.91.207.3: 8 Time(s)
sybase/password from 82.91.207.3: 8 Time(s)
test/password from 82.91.207.3: 40 Time(s)
user/password from 82.91.207.3: 24 Time(s)
web/password from 82.91.207.3: 16 Time(s)
webmaster/password from 82.91.207.3: 8 Time(s)
www-data/password from 82.91.207.3: 8 Time(s)
www/password from 82.91.207.3: 8 Time(s)
wwwrun/password from 82.91.207.3: 8 Time(s)

Leave a Reply