As the creator and one of the maintainers of the SecLists Project, I like creating lists of usernames and passwords that are live and used in the wild.
So I decided to capture some data on what usernames and passwords were being attempted against my site’s WordPress install over a single day. Here are some of my findings:
The attacks are common and constant
- I logged 56,490 malicious attempts to log into my site over the last 7 days, with massive bursts coming from Vietnam and Ukraine.
The usernames don’t vary that much
The top usernames were:
- admin (90%)
- administrator (8%)
- danielmiessler.com (2%)
The passwords were quite simple
This is to be expected, but it adds gravity to the point that you should have a good password that’s not on this list:
- admin
- 123456
- 123123
- admin123″
- password1″
- abc123″
- 12341234″
- querty”
- pass”
- administrator”
Some observations
I found a few things interesting about this data.
- Different attacks used widely differing lists. In particular, a big attack out of Hanoi didn’t look anything like another attack from Ukraine.
- Many of the passwords used closing quotes after the password.
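As an added example that is not the post's own code, here is a small Python script that runs the same kind of analysis over login-attempt records: username shares, how many attempted passwords carry the trailing-quote artifact, how much two sources' password lists overlap, and whether a chosen password is on any observed list. The record format and the sample attempts are constructed assumptions, not the captured data.

```python
"""Aggregate WordPress login attempts: top usernames, per-source list overlap,
and the trailing-quote artifact seen in attacker password lists."""
from collections import Counter, defaultdict

# Constructed sample records (timestamp, source country, username, password).
# These are made-up attempts for illustration, not the post's captured data.
ATTEMPTS = [
    ("2016-01-01T00:00:01", "VN", "admin", "admin"),
    ("2016-01-01T00:00:02", "VN", "admin", "123456"),
    ("2016-01-01T00:00:03", "VN", "admin", "123123"),
    ("2016-01-01T00:00:04", "VN", "administrator", "admin123\u201d"),
    ("2016-01-01T00:00:05", "UA", "admin", "password1\u201d"),
    ("2016-01-01T00:00:06", "UA", "admin", "abc123\u201d"),
    ("2016-01-01T00:00:07", "UA", "example.com", "querty\u201d"),
    ("2016-01-01T00:00:08", "UA", "admin", "pass\u201d"),
]

# ASCII quote, right double quotation mark, double prime: all seen as trailing junk.
TRAILING_QUOTES = ('"', "\u201d", "\u2033")


def username_shares(attempts):
    """Return {username: share of all attempts}, most common first."""
    counts = Counter(user for _, _, user, _ in attempts)
    total = sum(counts.values())
    return {u: n / total for u, n in counts.most_common()}


def trailing_quote_count(attempts):
    """Number of attempted passwords that end in a closing quote."""
    return sum(1 for *_, pw in attempts if pw.endswith(TRAILING_QUOTES))


def lists_by_source(attempts):
    """Set of passwords tried from each source country, trailing quotes stripped."""
    lists = defaultdict(set)
    for _, src, _, pw in attempts:
        lists[src].add(pw.rstrip("".join(TRAILING_QUOTES)))
    return lists


def list_overlap(a, b):
    """Jaccard similarity of two password sets; 0.0 means the lists are disjoint."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def password_on_attack_list(candidate, attempts):
    """True if a candidate password appears in any observed list (quotes ignored)."""
    seen = set().union(*lists_by_source(attempts).values())
    return candidate in seen
```

Feed it your own records and `username_shares` gives the kind of admin/administrator breakdown shown above, while `list_overlap` near 0.0 between two sources indicates they are running different lists.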
Takeaways
Well…don’t use simple passwords.
I’ve added the lists to the SecLists Project under the passwords section.