Yes, of course you're right, my mistake. Mainly I wanted to share some information and give examples of passwords.
Here are some more observations which I made during the last months:
Most of the time it seems that the attackers are using a list of popular passwords; the same passwords appear over and over again: 12345, qwerty, 1q2w3e4r, and so on.
Most of the time they try to log in as "admin", "Admin", "administrator", "root" or the name of the domain or blog or a part of that name, for example omitting a ".com".
In the HTTP requests, the parameters "log" (for the user name) and "pwd" (for the password) are always transmitted, but the parameters "wp-submit=Log In" and "testcookie=1" are not always transmitted.
Many of these attacks do not transmit a user-agent field in the HTTP headers. Blocking the empty user-agent seems like a good idea to me.
These attacks look simple, but I guess that they are successful on a big number of sites.
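The indicators listed in the post above, turned into a check a site operator could run over captured login requests. This is an added example, not part of the original post; the request dictionary shape, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

# Usernames named in the post, compared case-insensitively.
COMMON_USERS = {"admin", "administrator", "root"}
# Parameters the post says are not always transmitted.
FORM_ONLY_PARAMS = ("wp-submit", "testcookie")


def site_name_variants(host):
    """Names derived from the Host header: full, without 'www.', without the TLD."""
    host = host.lower().split(":")[0]
    bare = host[4:] if host.startswith("www.") else host
    variants = {host, bare}
    if "." in bare:
        variants.add(bare.rsplit(".", 1)[0])  # "example.com" -> "example"
    return variants


def login_indicators(request):
    """Return the indicators from the post that a captured request matches."""
    path = request["path"].split("?")[0]
    if request["method"] != "POST" or not path.endswith("/wp-login.php"):
        return []
    headers = request["headers"]
    params = parse_qs(request["body"], keep_blank_values=True)
    found = []
    if not headers.get("User-Agent", "").strip():
        found.append("empty-user-agent")
    for name in FORM_ONLY_PARAMS:
        if name not in params:
            found.append("missing-" + name)
    user = params.get("log", [""])[0].lower()
    if user in COMMON_USERS:
        found.append("common-username")
    elif user and user in site_name_variants(headers.get("Host", "")):
        found.append("site-name-username")
    return found


# Constructed sample requests (hypothetical capture format, placeholder passwords).
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/wp-login.php",
     "headers": {"Host": "www.example.com", "User-Agent": "Mozilla/5.0"},
     "body": "log=alice&pwd=x&wp-submit=Log+In&testcookie=1"},
    {"method": "POST", "path": "/wp-login.php",
     "headers": {"Host": "www.example.com"}, "body": "log=Admin&pwd=x"},
    {"method": "POST", "path": "/wp-login.php",
     "headers": {"Host": "example.com", "User-Agent": ""},
     "body": "log=example&pwd=x&wp-submit=Log+In"},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req["body"], "->", login_indicators(req))
```

A request matching several indicators at once is a stronger signal than any single one, so the returned list can feed a threshold before blocking or rate-limiting.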