With the update of Spagi I also installed a lot more capacity for logging. In that matter I installed a mysql log for VSFTP connection. In only 2 days I’ve got over 15 000 entry in the database. All unsuccessful connection that are a dead on hint that it was a attack try. I’ve then installed Fail2Ban that block an IP for an hour after 6 fail.
While looking at the list of attacks I’ve been stunt how much those attack are done thru standard username that would seems to be obvious “don’t”. But if those attacks use them, they are probably successful sometimes. A funny username might not bare the pprofessionallook of “administrator” but it might be more secure because you can’t guess it easily. A wood contractor could use the_nail or glue as username. They will be hard to guess !
But most and foremost information out of it, NEVER use admin or administrator as username. It render half of the security ineffective.
I’ll leave you with the most common attack username I’ve got :
| Username | Occurrence |
|---|---|
| admin | 1042 |
| administrator | 898 |
| admin@[nom_de_domaine] | 770 |
| administrator@[nom_de_domaine] | 754 |
| ftpadmin | 426 |
| ftpuser | 426 |
| demo | 426 |
| backup | 426 |
| guest | 426 |
| guest1 | 426 |
| info | 426 |
| guest123 | 426 |
| [nom_de_domaine] | 314 |
| ftpadmin@[nom_de_domaine] | 142 |
| ftpuser@[nom_de_domaine] | 142 |
| info@[nom_de_domaine] | 142 |
| anonymous | 50 |
| backup@[nom_de_domaine] | 46 |
| ftp | 36 |
| oracle | 36 |