This is a real Red Letter Day in the history of this blog. Suddenly there is a flood of enquiry (about the username and password) and they are flooding like Tatar Hordes. Till date there had never been more than a hundred such enquiries, and recently that too had become a trickle (around 10-20 per day). Today suddenly I find that number has grown many folds to already around 400, and rising fast, like the water level of a flash flood or should I say Tsunami (the resemblance to it is more)?
Most of these enquiries are from the Tatar-Red zone (Turkey, Ukraine, Russia). Of these three, two, The Ukraine and Turkey had been regular visitors to log-n, xmlrphp and lost-password screens, but suddenly today I find that the Russians have entered the fray, and that too with a vengeance. Of the four hundred odd, more than half are them.
Are they confused that this is one of the Trump’s or CIA sites? I wonder! Otherwise why they should work in such a close co-ordination trying to break in? Every person (or their bot) makes an attempt till the site is blocked for too many wrong attempts, and then it passes on the baton to another one to start from where it left (exactly like a relay race).
They are quite smart too, since the attempts are not limited to a particular network or service provider. This must be to make sure that the intended target isn’t able to black-list or block a particular network/ IP range.
Smart, aren’t they? The efforts should have been a bit more seamless. I wonder why the attempts are separated by a couple of minutes? After A is stopped, B doesn’t take over immediately, but after a small hiatus (usually of about 2-3 minutes. Most of the attempts are of course brute force, but a few (obviously who consider themselves smarter) are going through lost-password recovery method. I wonder how would they overcome the multi-factor authentication. They have of course guessed the username (most of them are attempting with it). But that would be the easy one, the least of the hurdle 🙂 For the next step, first they have to guess the length of the password,