I have a Tomcat server on the internet (www.socialresearchdesk.com) that runs a couple of applications of mine. Tomcat, for those who aren’t aware of it, is a very lightweight, popular application server for deploying Java-based web applications.
It comes with a management application which has a set of standard (albeit disabled) accounts out of the box. Naturally, I don’t use them — I have random bits of gibberish for both the user id and password for the manager account.
But every few days a hacker tries to break in; almost always the hacker’s IP address traces them back to China. What’s amusing is the set of log in ids they think they can use to log in (here’s the most recent batch):
They don’t seem to try really hard, for what it’s worth — less than 3 minutes elapsed before they gave up. Maybe I’ve been assigned to the summer interns?