Here are some great insights from Justin Gerharter on the need for strong passwords. Seems he recently upgraded his file transfer server to one that includes encrypted protocols, extensive logging and probably a slew of other secure file transfer administrative controls.
Here’s what he saw when poking into the log data:
“I thought it would be entertaining to review the logs from the weekend to see what kind of shenanigans went on with it over the last few days. Of course there were attempts to access it by three or four different IP addresses.
The entertaining part was the usernames they attempted. There where the usual suspects like root, admin, test, guest, anonymous, etc. How about “bitch” for a username? Gee… I wonder what the password would be for that user? What about CyberJohn? Is that the nickname of Eliot Spitzer? I realize that these were automated attempts but come on. Bitch? Seriously? In case you are wondering the password for bitch was sonofa. You’d think after the 50th time of getting “connection denied by client IP” their automated attempts would be smart enough to stop but they weren’t.
The one thing the log review did enlighten me to was the need for complex usernames as well as complex passwords. Kind of scary how close a couple of the attempts were to actual user names.”
Justin’s last comments are VERY important and it brings us back to my recent ranting about the need to use strong passwords, whether or not required by the server administrator or not. Just do it!

No related posts.