SSHD_config question

Brian McKee brian.mckee at gmail.com
Fri Aug 15 14:26:39 UTC 2008


On Fri, Aug 15, 2008 at 7:44 AM, Adam Funk <a24061 at ducksburg.com> wrote:
> On 2008-08-14, NoOp wrote:
>
>>> That being said, if you use real passwords (i.e. longer than 8,
>>> include at least more than one case, some numbers and punctuation -
>>> definitely not something you can find in a newspaper) you are fine.
>>>
>>> If you look at the attempts those ssh bots are trying the passwords
>>> are laughably bad.  If you have a laughably bad password then you have
>>> issues :-)
>
>> Agree there... (laughably bad password attempts).
>
> From the log dumps I've seen, they also go through lists of common
> forenames as accounts.
>
> The passwords that the bots try don't show up in the logs (of course!)
> --- did you use some special honeytrap tool to see what they were?

Over the last couple of years I've seen several articles from honeypot
admins showing the passwords tried.
It was a who's who of easily guessable passwords.  Sorry I don't have
any links handy, but I'm sure Google could provide.

Brian



