I have a Tomcat server on the internet (www.socialresearchdesk.com) that runs a couple of applications of mine.  Tomcat, for those who aren’t aware of it, is a very lightweight, popular application server for deploying Java-based web applications.

It comes with a management application which has a set of standard (albeit disabled) accounts out of the box.  Naturally, I don’t use them — I have random bits of gibberish for both the user id and password for the manager account.

But every few days a hacker tries to break in; almost always the hacker’s IP address traces them back to China.  What’s amusing is the set of log in ids they think they can use to log in (here’s the most recent batch):

111111
123123
admin888
admin
admin!@#
tomcat!@#
manager!@#
tomcat5.0
tomcat6.5
tomcat6.0
tomcat7.0
s3cret
scret
ok
888888
1223
123
12345
123456
1234
1
112233
tomcat
password
passwords
manager
root
manager1
admin123
tomcat123
manager123
password
pass
P@ssw0rd
P@ssw0rds
tomcat
manager.
fuckhack
fuckhacker
qweasdzxc
qazwsxedc
fuckyou
linux
qwe!@#
!@#qwe
look
good
god
qweasd
zxcasd
jack
qwert
Internet
qwert12345
rootadmin
china
adminroot
5201314
anonymous
jsp
war
admin$

They don’t seem to try really hard, for what it’s worth — less than 3 minutes elapsed before they gave up.  Maybe I’ve been assigned to the summer interns?