I made my WordPress administrator’s password ‘admin’ for 2 weeks and nothing happened. This is why and why threat intelligence is useful.
In my last experiment, What Happened When I Leaked My Server Password on Github.com, I configured a server with a very strong SSH password then ‘accidentally’ leaked it through a Github code repository. Within minutes people found the password and logged in. This time I tested a different approach and created a new WordPress site with the administrator username and password set to ‘admin’ for 2 weeks. Nothing happened. This is why nothing happened and why threat intelligence is important.
Prior to testing, I expected that any new WordPress server that appeared on the internet would be detected using an IP scanner within 7 days. Once discovered, brute-force attacks against the WordPress admin user would begin. Using the combination of admin:admin the site would be compromised very quickly.
To test that theory I created a honeypot installation of WordPress using a Docker container and a cloud hosting service unlinked to anything else I do online. Then I locked-down the host server and network to minimise the impact on others if the container was actually hacked. Next, I set the admin username and password to ‘admin’, then waited to see what happened. I didn’t give it a domain name, didn’t add it to any search indexes, and didn’t promote it in any way. I wanted to see if someone was actively looking for brand new servers that were vulnerable in this way.[Read more…] about Threat Intelligence and Why Nobody Hacked My Hackable Website