by kazinator 660 days ago
Addendum: I just ran some scripts to see what attackers are trying. They probe various funny user names but there doesn't appear to be any system behind it. They are all short names. The vast majority of them are nothing but lower case letters. A few have underscores and digits, as well as dashes and periods. Some are digits only. A few are using glyph characters:

  !
  !!!
  ?
  #$
I suspect that the user IDs being tried are all targeting known passwords that have been obtained before. I.e. they are probing "where else on the planet has the same user ID used that same password".

The valid users they are trying are: avahi backup bin daemon Debian-exim foo games gdm gnats hplip irc libuuid list lp mail man messagebus news nobody ntp postgres proxy root saned sshd sshroot statd sync sys uucp www-data

None of these allow login; they have a * in the shadow file.
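One way to run the kind of tally described in the comment above, as an added example that is not the commenter's script: it buckets the user names from failed sshd password attempts by character class and flags any existing account that was tried but is not password-locked in the shadow file. The log lines, shadow rows, and all function names are constructed for illustration, and the log layout assumes OpenSSH's standard "Failed password for ..." message.

```python
import re
from collections import Counter

# Constructed sshd log lines (documentation IP ranges), not from the post.
SAMPLE_LOG = """\
Jan 10 03:12:03 host sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:09 host sshd[815]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jan 10 03:12:15 host sshd[819]: Failed password for invalid user web_01 from 198.51.100.4 port 51234 ssh2
Jan 10 03:12:21 host sshd[823]: Failed password for invalid user 1234 from 198.51.100.4 port 51240 ssh2
Jan 10 03:12:27 host sshd[827]: Failed password for invalid user !!! from 198.51.100.4 port 51246 ssh2
Jan 10 03:12:33 host sshd[831]: Failed password for www-data from 192.0.2.9 port 60001 ssh2
"""
# Constructed shadow-format rows: name:password-field:...
SAMPLE_SHADOW = """\
root:*:17000:0:99999:7:::
www-data:*:17000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:17000:0:99999:7:::
"""
# Greedy (.*) binds to the last " from ", so names with spaces still parse.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+")
CLASSES = [(r"[a-z]+", "lowercase"), (r"[0-9]+", "digits"), (r"[A-Za-z0-9_.-]+", "mixed")]

def classify(name):
    """Bucket a user name by the character classes the comment describes."""
    return next((lab for pat, lab in CLASSES if re.fullmatch(pat, name)), "glyph")

def attempts(log_text):
    """Return (valid, invalid) Counters of user names from failed-password lines."""
    valid, invalid = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            (invalid if m.group(1) else valid)[m.group(2)] += 1
    return valid, invalid

def password_locked(shadow_text):
    """Accounts whose password field is '*' or starts with '!'."""
    rows = (l.split(":") for l in shadow_text.splitlines() if ":" in l)
    return {f[0] for f in rows if f[1] == "*" or f[1].startswith("!")}

def summarize(log_text, shadow_text):
    """Class counts for unknown names, valid names tried, and those not locked."""
    valid, invalid = attempts(log_text)
    classes = Counter(classify(n) for n in invalid)
    exposed = sorted(set(valid) - password_locked(shadow_text))
    return classes, sorted(valid), exposed

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, SAMPLE_SHADOW))
```

A `*` or `!` in the password field only rules out password authentication; an account with an `authorized_keys` file and a usable shell can still be reached by key, so that is worth checking separately.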