Security by username

login_keyWith the update of Spagi I also installed a lot more capacity for logging. In that matter I installed a mysql log for VSFTP connection. In only 2 days I’ve got over 15 000 entry in the database. All unsuccessful connection that are a dead on hint that it was a attack try. I’ve then installed Fail2Ban that block an IP for an hour after 6 fail.

While looking at the list of attacks I’ve been stunt how much those attack are done thru standard username that would seems to be obvious “don’t”. But if those attacks use them, they are probably successful sometimes. A funny username might not bare the pprofessionallook of “administrator” but it might be more secure because you can’t guess it easily. A wood contractor could use the_nail or glue as username. They will be hard to guess !

But most and foremost information out of it, NEVER use admin or administrator as username. It render half of the security ineffective.

I’ll leave you with the most common attack username I’ve got :

Username Occurrence
admin 1042
administrator 898
admin@[nom_de_domaine] 770
administrator@[nom_de_domaine] 754
ftpadmin 426
ftpuser 426
demo 426
backup 426
guest 426
guest1 426
info 426
guest123 426
[nom_de_domaine] 314
ftpadmin@[nom_de_domaine] 142
ftpuser@[nom_de_domaine] 142
info@[nom_de_domaine] 142
anonymous 50
backup@[nom_de_domaine] 46
ftp 36
oracle 36