I thought it would be interesting to start dissecting the attempts made to hack into this blog, which are becoming more frequent and more aggressive. I did a bulk IP check of the top 800 IPs responsible for 84.5% of all the hacking attempts on this website. There is a good chance some of the IPs used are from compromised machines, but I was surprised to see that 16.4% of all hacking attempts appeared to come from IP ranges linked to Brazil.

Looking at the usernames, they are obviously using the usual admin and domain-type logins, but some of the usernames appear to be known compromised usernames from other WordPress websites. I'm also curious how many people might discover this blog post when searching for details about an IP address or username someone is using to try to hack into their WordPress website. Some of the usernames seemed to be linked to tech support people, marketing agencies, Fiverr developers, plenty of musicians and folks in the entertainment space. If you see your username below, you might want to assume your username and passwords have possibly been compromised on another website.
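The kind of breakdown described above can be reproduced from any failed-login export. The following is an added example, not the tooling used for this post: it computes the share of attempts coming from the busiest IPs and sorts tried usernames into generic, site-derived (the davidiwanow / davidiwanow.com / davidiwanowcom pattern) and other. The record layout, function names and sample data are assumptions, and the IPs are documentation addresses.

```python
from collections import Counter

# Constructed sample of failed-login records (ip, username). The IPs are
# RFC 5737 documentation addresses, not values taken from the post.
ATTEMPTS = [
    ("192.0.2.10", "admin"), ("192.0.2.10", "admin"),
    ("192.0.2.10", "wpadmin"), ("192.0.2.10", "example"),
    ("198.51.100.7", "example.com"), ("198.51.100.7", "examplecom"),
    ("198.51.100.7", "test"), ("203.0.113.5", "jsmith_admin"),
    ("203.0.113.9", "support"), ("203.0.113.9", "Admin"),
]

# Generic logins, all of which appear in the username list on this page.
GENERIC = {"admin", "wpadmin", "webadmin", "superadmin", "support",
           "test", "user", "guest", "dev", "staff"}


def top_ip_share(attempts, n):
    """Percentage of all attempts that came from the n busiest IPs."""
    if not attempts:
        return 0.0
    per_ip = Counter(ip for ip, _ in attempts)
    top = sum(count for _, count in per_ip.most_common(n))
    return round(100.0 * top / len(attempts), 1)


def classify(username, site_domain):
    """Bucket a tried username as generic, site-derived or other."""
    name = username.strip().lower()
    domain = site_domain.lower()
    label = domain.split(".")[0]         # "example"
    squashed = domain.replace(".", "")   # "examplecom"
    if name in GENERIC:
        return "generic"
    if name in {label, squashed, domain}:
        return "site-derived"
    # Anything else may be a login harvested from another site.
    return "other"


def username_breakdown(attempts, site_domain):
    """Count attempts per username category for one site."""
    return Counter(classify(user, site_domain) for _, user in attempts)


if __name__ == "__main__":
    print(top_ip_share(ATTEMPTS, 2), username_breakdown(ATTEMPTS, "example.com"))
```

A large "other" bucket made up of names that match no account on the site is what points to credentials collected elsewhere rather than guesses aimed at this site.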
What are the usernames they try to use to hack?
davidiwanow
admin
wadminw
wwwadmin
davidiwanow.com
support
davidiwanowcom
demo1
Page
david
guest
jarvisa
rgadmin
staff
test
test123
tim
unesco
user
user3
wpengine
3653874n
aavadental9
admercer18
admin_1
admin_fontanilla
admin1
adminagimat
admindev
adrian
agenciasingular
agent
ajsobel
akasakaf
alex-bardsley
amartens
amperio
annaandandre_crycem
anna-oxys
anoop
antawn
antonioucha_x03pd084
antwarp-digital
apphicgames
arkantos
arlen
atratti
audrey0985
avidmode
bardroy
bateriasvolta
bigds007
brandi
brettclur
bretts
burkina24
cation
chrissymchavez
coachbunch
coffmx
contact
corples
corposoa
crypto101
dave-t
davidarthur_admin
davidbutterworth
davidcerda
davidesteveprod
davidhlee
davidhodek
davidhuocantonese
daviditurralde
detran-pe
dev
development
d-hammarstromgmail-com
dmin
doctorneos
drmanhood
dsdavidsonfamilyfoundationgmail-com
dtrundleadmin
dwgadmin
elvinwalker
enamad
enb
erwan
essexff
ev1l2501
ewstheme
fabolivar
feriaspraontem
firstclassadm
fistfulofux
flpsantoa
fp-admin
fswpadmin
garak
garricklowry
gastirad39
gerardolpz
growonline
gsmarena2314
guy
hamid
hannes-karkowski
hobartphoto_admin
holyadmin
hsfilmstudios
hyde4fun
infolab
infothecloudcommittee-com
it
itomlab
jaimezayas
jand
jankowski
jason
jm_isabelle
joao
joeycrack12
jordan
jorgeharris
jshyman123
juan
julz
jwicky
kadowala
kaye
keishaross
keris
ladonaphlormahals
laurieborde
leroy
loginname
logisticafe
lsglofts
lywctlgmail-com
m6spgtrxce
maeda
magictr
malise_wpadmin
mark
martincapsify-de
mattsavinar1978
mbusby
megan
michael-debetaz
michael-und-jochen
mike
miranda-adams
missnookie
miyagi
mlaitman
mmc_master
mmuser
movehmakeh
mpiso
mwender
my_mitchnick2139
naqvi
nick
nicologic
oa-mp0621
olgad
olik
olirocks
olivia
omoba
packlmh
paola-carelli
pasca
Patrick
paul
peter
philippe
picabo
picco
pierre
pipan
poolbuilder_rocket
ppdtp
prefiremedia
prof-muse-t
rcalvo
redacao
regina
riefmedia
rkemper
rob
ruler
ruth
s
s2943747
saied-ghanbari
sales
sara
sauna41
se
seoanezonjic
shaylaf
sheseesgreen
shrishardamataparivar.com
sienna
sigve
silva
sitiocasabranca
socioinfluencer
sonja
srichards
ssc
steve
stouty
studio430
superadmin
supervisor
susanna
swannlandscapingadmin
sweetavocado
taishin-s12
tatawares
techsupportgueststream-com
tesstemona
tetsu
tidarat
tkkdsik02937shk
tkwcargo
tom
tomoya65246524
tomstroops
topnetwork
totally-lost98
townweb
tpe536
u3982
uneuruguay
viana
victoria
viktor
vittorio
volcom2278
wa_contact_31123386-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2
web
webadmin
webmac
webtech
wellgrounded
whsaito
wishtraining
wocaoaaaa
wpadmin
wpkeszipack
wpmaster
wpminder
wpreview
wurmgu
wwpotatoes
xristos3490
yaghoot
yarnadmin
yevgeny87
yucky
zrkann
zurawski
What are the top IPs used to try and hack this website?
Top ISPs that are driving the attacks and the % of Attempts
Vivo 10.8%
Chunghwa Telecom Co., Ltd. 4.4%
Sudatel (Sudan Telecom Co. Ltd) 1.7%
Comcast Cable Communications 1.4%
Korea Telecom 1.4%
TV AZTECA SUCURSAL COLOMBIA 1.4%
Emirates Integrated Telecommunications Company PJSC 1.3%
Philippine Long Distance Telephone Co. 1.3%
BSNL Internet 1.3%
FPT Telecom Company 1.2%
ALGAR TELECOM S/A 1.1%
DigitalOcean, LLC 1.1%
OVH SAS 1.1%
Sudatel-IP 1.0%
Cablevision Systems Corp. 1.0%
PT. Pasifik Satelit Nusantara 0.9%
OPTIC 0.9%
Sudatel Telecom Group 0.9%
VietNam Post and Telecom Corporation 0.9%
TELEFÔNICA BRASIL S.A 0.8%
Microsoft Corporation 0.8%
Digicel Trinidad and Tobago Ltd. 0.8%
One Eight Technologies Private Limited 0.7%
The IPs belong to the following organisations and % of attempts
Telefônica Brasil 9.8%
Chunghwa Telecom Co. Ltd. 4.4%
Sudatel-IP 1.7%
Emirates Integrated Telecommunications Company 1.3%
Comcast IP Services, L.L.C. 1.1%
TV AZTECA SUCURSAL COLOMBIA 1.1%
Vietnam Posts and Telecommunications Group 1.0%
Static IP Services 1.0%
OVH 0.9%
Hong Kong Telecommunications (HKT) Limited 0.9%
Banda Ancha Fibra Óptica 0.9%
Global Village Telecom 0.8%
DigitalOcean, LLC 0.8%
Kornet 0.8%
Digicel Trinidad and Tobago Ltd 0.8%
One Eight Technologies Private Limited 0.7%
ALGAR TELECOM S/A 0.7%
Brasil Telecom S/A – Filial Distrito Federal 0.7%
NETNAM 0.7%
Boranet 0.7%
Corona TOP and Shop Store Inc. 0.6%
Apple ZOO 0.6%
Claro NXT Telecomunicacoes Ltda 0.6%
FPT-STATICIP 0.6%
Spectrum 0.6%
SANEST 0.6%
HVHonam 0.6%
1-w2xk80_venvi Development Corporation 0.5%
Editora Folha da Região de Araçatuba LTDA 0.5%
The top countries where the attacks originate from and % of attempts
Brazil 16.4%
United States 7.5%
India 5.2%
Taiwan 4.4%
Vietnam 3.7%
Sudan 3.5%
South Korea 3.5%
Russia 3.1%
Indonesia 2.8%
Colombia 2.6%
Ukraine 2.1%
Chile 1.6%
Hong Kong 1.5%
France 1.5%
United Arab Emirates 1.4%
Philippines 1.3%
Thailand 1.3%
Mexico 1.3%
Kenya 1.2%
Belgium 1.1%
Germany 1.0%
Bulgaria 1.0%
Sweden 1.0%
Kazakhstan 0.9%
Georgia 0.8%
Trinidad and Tobago 0.8%
Bangladesh 0.7%
Italy 0.5%
Singapore 0.5%
Nicaragua 0.5%
Iran 0.5%
Azerbaijan 0.4%
Israel 0.4%
Myanmar 0.4%
Argentina 0.4%
Japan 0.4%
Australia 0.3%
Please comment below if you have noticed any interesting patterns in people/bots trying to hack into your website.