
Easy-to-guess passwords

Just received an SMS from a friend complaining about having to clear over 500k spam mails from one of his mail servers. He has cleared only 10% of the spam mails in the mail server queue after 7 hours! OMG! Apparently a spammer had guessed the username and password of a user whose email account password was the same as his username, i.e. username@domain.com, password = username.

Why do so many people continue to use easy-to-guess passwords, despite so many warnings about the risks? Are they just plain lazy, or are they totally ignorant about security? These people can’t be bothered with their own security at all. If you think this is not important, think again: this irresponsible behavior will cause much inconvenience to yourself and others!

What happens when a mail server is exploited to send a mass volume of spam?

1. The mail server will be overwhelmed with mail-sending requests, which slows its performance tremendously and may even stall it.

2. The outgoing mail queue will fill with a huge number of spam mails waiting to be sent, which delays delivery of legitimate emails from the other users on the same server and inconveniences all of them.

3. With this huge volume of spam going out from the same mail server, commercial spam filters such as MessageLabs and Barracuda Networks, and the filters of Gmail, Hotmail, etc., are likely to blacklist the mail server’s IP address. Emails sent through the server will then be blocked, causing inconvenience again. It may take quite a while to be delisted from these spam filters.

One of the simplest ways for professional spammers to gain access to your information is a brute-force attack. The spammer uses a specially written piece of heavy-duty software that cycles through a list of common usernames and passwords, hoping to hit a match that works. If he gets one that works, he effectively has an open relay. Thereafter, he will blast a huge volume of spam through the mail server using this email account.

The most commonly exploited accounts are guest/guest, admin/admin, test/test, demo/demo, sales/sales123, admin/admin123, administrator/administrator123, guest/guest1234, test/test1234, demo/demo123 and webmaster/webmaster1234, although any account with a weak or missing password is vulnerable.

A strong password is therefore vital. A good strong password must have a mix of letters, symbols and numbers, and should be randomly generated to avoid guesses based on your name or domain, but it should also be reasonably memorable, since you are likely to need it to access your webmail from remote locations.
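As an added example (not part of the original post), here is a check a mail administrator could run when a password is set or changed, rejecting the username-derived patterns listed above and enforcing the letter, number and symbol mix. The function names, the 12-character minimum and the sample mailboxes are assumptions made for illustration.

```python
import re

MIN_LENGTH = 12  # assumed policy value; the post does not give a number

def weak_password_reasons(email, password, min_length=MIN_LENGTH):
    """Return reasons to reject `password` for mailbox `email` (empty list = accept)."""
    if not password:
        return ["missing password"]
    local, _, domain = email.lower().partition("@")
    pw = password.lower()
    # Drop trailing digits/symbols so "sales123" and "guest1234" reduce to their stem.
    stem = re.sub(r"[\d\W_]+$", "", pw)
    # Strings a guesser can derive from the address: local part, its pieces, domain labels.
    tokens = {local, *re.split(r"[._+-]", local), *domain.split(".")[:-1]}
    tokens = {t for t in tokens if len(t) >= 3}

    reasons = []
    if pw == local or stem in tokens:
        reasons.append("derived from username or domain")
    elif any(t in pw for t in tokens):
        reasons.append("contains username or domain")
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    has_letter = re.search(r"[A-Za-z]", password)
    has_digit = re.search(r"\d", password)
    has_symbol = re.search(r"[^\w\s]|_", password)
    if not (has_letter and has_digit and has_symbol):
        reasons.append("needs letters, numbers and symbols")
    return reasons

# Constructed sample mailboxes using username/password patterns named in the post.
SAMPLES = [
    ("username@example.com", "username"),
    ("sales@example.com", "sales123"),
    ("webmaster@example.com", "webmaster1234"),
    ("bob@example.com", "Example2024!"),
    ("alice@example.com", "T7#rq-Vm2!xLpz"),
]

def audit(samples=SAMPLES):
    """Map each rejected mailbox to its reasons; accepted mailboxes are omitted."""
    return {e: r for e, p in samples if (r := weak_password_reasons(e, p))}

if __name__ == "__main__":
    for mailbox, reasons in audit().items():
        print(mailbox, "->", "; ".join(reasons))
```

The check needs the plaintext password, so it belongs in the password-change path rather than in a scan of stored hashes.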

I sincerely hope all email account users will be responsible enough to set a strong password for their email accounts, thereby eliminating the unnecessary work and stress given to technical support engineers and reducing the inconvenience caused to other users.
