Hello guys,
I just want to report with great excitement that my new virtual server got its very first unsuccessful hacker attack :)
I am developing a bot for the Steem community and soon it will be released for all of you to enjoy the services for free! As I was coding today, I noticed a new connection to the server which wasn't me! o_O
The attack
Somebody was trying to break my SSH (secure socket shell) password and gain access to the server.
It was a classic brute force attack, which is similar to what you do when you forget your password and try some combinations :) The difference is that the attacker uses a machine for that and can try thousands of passwords in a minute.
The first things they try are common passwords, then words and names. They have a dictionary!
You might laugh, but the 3 most widely used passwords are:
- 12345
- password
- 123456
Be sure that any attacker would try those first :)
Check out this Wikipedia article for the most common passwords, I hope yours is not amongst them! ;)
Why was there no danger?
I have a secure password on the server, around 20 characters long.
With that length there are 3.6 × 10^39 possible combinations (that's 36 with 38 zeroes behind it). It would take 706 centuries for a powerful machine to break it :) Good luck with that!
About the attacker
I have traced back the attacker's IP address to China but it doesn't mean too much because he could be anywhere. Here are a few stats on the IP used:
Choose a strong password!
Here is my advice for a secure password:
- Always choose a password that is as long as possible, everywhere
- Do not use words or names
- Your key should include at least upper and lowercase characters. Even better if you use numbers and special characters too (@$#&%)
- Do not use the same password in more than one place
Exciting times :)
Image: hack (CC BY-SA 4.0)