Comments on: Compromised Passwords

By: David

David — Sun, 04 Jan 2009 01:44:37 +0000

Hi Avi, Happy New Year!

The reason I am contacting you is to learn how I can integrate a google map that I
have created into my wordpress blog.

I want to create a map for my blog with the same exact functionality as the one in the website below.

http://earth2tech.com/2008/02/25/earth2tech-maps-101-cleantech-startups/

Just click on the view larger map hyperlink, this will take you to the map and show
its configuration and functionality.

I am a technical coding newbie, so I really appreciate any help you may be able
to provide.

Thank you in advance.

All the best,

David
Energybloggers.com

By: Avi

Avi — Tue, 30 Dec 2008 14:45:30 +0000

@monsted, these 142002 are all unique. There is no repeated combination of user and password.

What you commented as “ace ace” means user “ace” with password “ace”. Each line has the user for the first word and its password for the second word.

By: Jani Mikkonen

Jani Mikkonen — Mon, 29 Dec 2008 10:10:18 +0000

Besides the suggestions above, you will cut the bruteforce attacks against your ssh by changing the port ssh listens for incoming connections to something other than port 22.

Anyway, thanks for the list!

By: monsted

monsted — Sun, 28 Dec 2008 19:25:41 +0000

142000 passwords sounds impressive, but you should run a “uniq” on that list to cut out all of the duplicates. “ace ace” is just one of many that repeat.

By: Tarakeshwar

Tarakeshwar — Sun, 28 Dec 2008 15:34:07 +0000

I dont understand how ppl ssh into systems which are connected over internet? I have a wifi modem which when connected to internet gets a public IP and the modem assigns a private ip to my system which means that the modem does acts as a NAT box or does routing. My system is never assigned a public IP in any case? Also my understanding is that the ip which my modem gets is down the heirarchy of multiple level of NATS. How does a cracker can even manage to log into my system considering he knows my root passwd somehow?

By: paul

paul — Wed, 17 Dec 2008 13:03:08 +0000

thanks for assembling the list. on linux i use denyhosts – this cuts them off after a few tries.
see http://denyhosts.sourceforge.net/

By: Avi

Avi — Thu, 27 Nov 2008 13:00:21 +0000

Marcelo Criscuolo contributed today 456 additional user+password combinations. Already merged in the compromised-passwords.txt file.

By: Renato

Renato — Thu, 27 Nov 2008 12:37:13 +0000

é, também estou salvo….
As pessoas ao menos deviam ter um pouco mais de dissernimento ao escolherem suas senhas né…

E não sabia que os crakers hoje em dia estão fazendo isso…..

By: netmask

netmask — Thu, 27 Nov 2008 10:44:54 +0000

Nice article. Makes me wanna build my own honeypot.

By: Não use estas senhas

Não use estas senhas — Wed, 26 Nov 2008 17:33:09 +0000

[...] por Avi Alkalay (avibrazilΘgmail·com) – referência [...]