While checking out my Apache server logs last week, I noticed that one of my older sites was getting a fair number of login attempts to wp-login.php from all over the world. So I started grabbing the login information to see what they were trying. The next batch of attacks lasted 23 minutes. The username was always “admin” and the testcookie was always “1”. Here are the passwords:
- example.org123
- example
- password1
- test123
- 12345
- admin
- password
- admin1
- qwerty123
- admin111
- pass
- life777
- 123456
- password123
- abc123
- admin123
- example.org
I replaced the actual domain name with “example” in the above list. If you are using any of those passwords, you may want to consider changing it.
The user-agent doing the probe was always “Mozilla/3.0 (compatible; Indy Library)”. The attacks came from these IP addresses. I assume they were running some form of infected Windows operating system.
- 110.153.9.250: Host 250.9.153.110.in-addr.arpa. not found: 3(NXDOMAIN) (China)
- 120.50.0.61: 61.0.50.120.in-addr.arpa domain name pointer ws4-tunghai-grp-telnet.com.bd. (Bangladesh, not assigned?)
- 202.70.136.158: Host 158.136.70.202.in-addr.arpa. not found: 3(NXDOMAIN) (Indonesia)
- 173.8.94.5: 5.94.8.173.in-addr.arpa domain name pointer 94.8.173.5-Draper.hfc.comcastbusiness.net. (Comcast, USA)
- 175.25.243.22: Host 22.243.25.175.in-addr.arpa. not found: 3(NXDOMAIN) (China, not assigned?)
- 119.187.148.51: Host 51.148.187.119.in-addr.arpa. not found: 3(NXDOMAIN) (China)
- 121.100.28.18: Host 18.28.100.121.in-addr.arpa. not found: 3(NXDOMAIN) (Indonesia)
- 120.132.132.119: Host 119.132.132.120.in-addr.arpa. not found: 3(NXDOMAIN) (China)
- 190.0.9.202: 202.9.0.190.in-addr.arpa domain name pointer Wimax-Cali-190-0-9-202.orbitel.net.co. (Brazil)
- 60.28.209.24: Host 24.209.28.60.in-addr.arpa. not found: 3(NXDOMAIN) (China)
- 89.144.131.106: Host 106.131.144.89.in-addr.arpa. not found: 3(NXDOMAIN) (Iran)
- 177.70.68.155: Host 155.68.70.177.in-addr.arpa. not found: 3(NXDOMAIN) (Brazil)
- 89.222.181.225: 225.181.222.89.in-addr.arpa domain name pointer host-181-225.dialog-k.ru. (Russia)
- 120.198.232.8: Host 8.232.198.120.in-addr.arpa. not found: 3(NXDOMAIN) (China)
- 110.139.173.217: 217.173.139.110.in-addr.arpa domain name pointer 217.subnet110-139-173.speedy.telkom.net.id. (Indonesia)
- 221.2.80.126: Host 126.80.2.221.in-addr.arpa. not found: 3(NXDOMAIN) (China)
- 124.160.147.173: Host 173.147.160.124.in-addr.arpa. not found: 3(NXDOMAIN) (China)
- 195.158.107.5: 5.107.158.195.in-addr.arpa domain name pointer adsl5p5.access.maltanet.net. (Malta)
- 217.129.77.17: 17.77.129.217.in-addr.arpa domain name pointer st-217-129-77-17.netvisao.pt. (Portugal)
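
The pattern described above, one user-agent making login attempts on wp-login.php from many addresses within a short window, can be pulled out of an Apache access log automatically. The following is an added example, not code from the original post. It assumes the Apache combined log format and that WordPress answers a failed login with HTTP 200 and a successful one with a 302 redirect; the sample log lines and the names `find_campaigns` and `min_ips` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation-range IPs, not the addresses from the post).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2013:04:00:05 +0000] "POST /wp-login.php HTTP/1.0" 200 3412 "-" "Mozilla/3.0 (compatible; Indy Library)"
198.51.100.7 - - [12/Mar/2013:04:06:41 +0000] "POST /wp-login.php HTTP/1.0" 200 3412 "-" "Mozilla/3.0 (compatible; Indy Library)"
203.0.113.99 - - [12/Mar/2013:04:09:13 +0000] "GET /wp-login.php HTTP/1.1" 200 2987 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.99 - - [12/Mar/2013:04:09:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://example.org/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.45 - - [12/Mar/2013:04:23:05 +0000] "POST /wp-login.php HTTP/1.0" 200 3412 "-" "Mozilla/3.0 (compatible; Indy Library)"
this line is not a log entry
"""

def find_campaigns(log_text, min_ips=3):
    """Group failed wp-login.php POSTs by user-agent; report agents seen from >= min_ips addresses."""
    by_ua = defaultdict(lambda: {"ips": set(), "times": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-combined-format lines
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] != "POST" or not path.endswith("/wp-login.php"):
            continue
        if m["status"] != "200":
            continue  # assumption: 302 means the login succeeded, 200 re-renders the form
        rec = by_ua[m["ua"]]
        rec["ips"].add(m["ip"])
        rec["times"].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    campaigns = []
    for ua, rec in by_ua.items():
        if len(rec["ips"]) >= min_ips:
            span = max(rec["times"]) - min(rec["times"])
            campaigns.append({"user_agent": ua, "ips": sorted(rec["ips"]),
                              "attempts": len(rec["times"]),
                              "minutes": span.total_seconds() / 60})
    return campaigns

if __name__ == "__main__":
    for c in find_campaigns(SAMPLE_LOG):
        print(c)
```

Grouping by user-agent rather than by source address is what makes a distributed run visible: each address in the sample makes only one attempt, so a per-IP threshold would never trigger.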