Hi: Thanks for the kind words! Storing the actual passwords would compromise the security of legitimate users, so we can’t do that, sorry. –Dan
I see what appears to be an encrypted password in the database. I’ve seen various attempts at users other than “admin” and I’m just curious as to what passwords are being tried. It’s curiosity, nothing else. I fully understand about not compromising security and not satisfying my curiosity isn’t a show stopper.
Yeah. I’m sure there are some crazy passwords being tried and it’d be funny to see them. 🙂
Just to share a few I’ve been logging for “admin” seems it’s not a real user:
Passwords tried consist of:
- Pretty much all of the passwords here: http://blog.wundercounter.com/2009/12/twitter-and-avoiding-weak-passwords.html
- Every keyword on the homepage of each of the sites in a multi-site.
- General dictionary searches (with and without numbers added to end / beginning).
- Swear words / profanity (with and without numbers added to end / begining).
- Many repetitive number/letter sequences like:
11223344, 1122334455, a1b2c3d4, qweqweqwe
- And far more complex ones than these below
adminjohnjacknicksupermanSuperman0123456789123456789123456781234567123456123451234123121ADMINISTRATORAdministratorAdmin123456Admin!1qaz2wsxtest123q1w2e3r412admin12hackersadmin!@#changemem123456p@55w0rd- etc. etc.
A large number of these use the user agent Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm).
I noticed one “user” tried various combinations of names and words from the site as the user – and possibly the password as well. Interesting info. Thanks.
The amount of attempts at getting into the admin on the site has dwindled to a trickle since I installed this plugin. I had to block one IP because it wouldn’t quit and I didn’t want to cause problems with the server. I’m certain if I hadn’t blocked the IP, the attempts would still be going on.
