V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
git
Pro Git
Atlassian Git Tutorial
Pro Git 简体中文翻译
GitX
tshwangq
V2EX  ›  git

我github被攻破了

  •  
  •   tshwangq · 2013-11-20 11:19:43 +08:00 · 12304 次点击
    这是一个创建于 4003 天前的主题,其中的信息可能已经有所发展或是发生改变。
    半夜提示我多了一个ssh key。
    我有私有repo 啊。。。
    84 条回复    1970-01-01 08:00:00 +08:00
    cloudqq
        1
    cloudqq  
       2013-11-20 11:25:40 +08:00
    我表示怀疑,获取你私有项目有啥意义。
    humiaozuzu
        2
    humiaozuzu  
       2013-11-20 11:27:22 +08:00
    擦 我也是!
    今天把所有能开启两步验证的全开了,密码全换不同的强密码了
    被日了果然才知道不安全 LOL
    Ray2EX
        3
    Ray2EX  
       2013-11-20 11:27:28 +08:00
    楼上太毒了
    humiaozuzu
        4
    humiaozuzu  
       2013-11-20 11:28:10 +08:00
    昨天 HN 上头条就是 Github is exp security issues,没想到今天自己就被日了。。。
    tshwangq
        5
    tshwangq  
    OP
       2013-11-20 11:50:57 +08:00
    怀疑什么?他无聊把我的项目公开呢,搞个什么10w个github repo bt。
    我不好交代啊
    LU35
        6
    LU35  
       2013-11-20 12:00:44 +08:00 via Android
    半夜收到邮件提示密码被更改,还在想是什么情况。晚上就收到官方邮件,据说是受到adobe泄漏的影响。
    c19
        7
    c19  
       2013-11-20 12:26:30 +08:00
    c19
        8
    c19  
       2013-11-20 12:28:04 +08:00
    https://github.com/settings/security
    看看是不是被试密码了。。
    xatest
        9
    xatest  
       2013-11-20 12:33:42 +08:00   ❤️ 1
    @c19 看了一下,果然很多尝试失败的记录,幸好我是强密码~

    a day ago user.failed_login: Originated from 186.14.6.207
    a day ago user.failed_login: Originated from 190.79.142.40
    2 days ago user.failed_login: Originated from 183.89.16.23
    2 days ago user.failed_login: Originated from 190.72.6.251
    2 days ago user.failed_login: Originated from 202.101.96.154
    4 days ago user.failed_login: Originated from 200.84.65.94
    4 days ago user.failed_login: Originated from 190.39.14.235
    4 days ago user.failed_login: Originated from 93.61.60.10
    4 days ago user.failed_login: Originated from 186.46.160.188
    4 days ago user.failed_login: Originated from 201.210.49.168
    4 days ago user.failed_login: Originated from 46.149.222.114
    4 days ago user.failed_login: Originated from 201.211.85.139
    4 days ago user.failed_login: Originated from 186.88.167.21
    4 days ago user.failed_login: Originated from 186.92.91.46
    4 days ago user.failed_login: Originated from 78.58.57.41
    4 days ago user.failed_login: Originated from 186.95.160.168
    4 days ago user.failed_login: Originated from 186.95.64.36
    4 days ago user.failed_login: Originated from 182.253.48.86
    4 days ago user.failed_login: Originated from 175.141.33.131
    4 days ago user.failed_login: Originated from 197.210.255.150
    4 days ago user.failed_login: Originated from 186.94.149.202
    4 days ago user.failed_login: Originated from 190.207.170.157
    4 days ago user.failed_login: Originated from 200.192.215.138
    4 days ago user.failed_login: Originated from 190.207.0.10
    4 days ago user.failed_login: Originated from 190.203.78.224
    4 days ago user.failed_login: Originated from 82.79.66.19
    4 days ago user.failed_login: Originated from 118.99.114.199
    4 days ago user.failed_login: Originated from 186.94.246.28
    FrankFang128
        10
    FrankFang128  
       2013-11-20 12:53:13 +08:00 via Android
    你们的密码是不是很弱
    greenmoon55
        11
    greenmoon55  
       2013-11-20 13:03:18 +08:00
    two_factor_authentication.enabled:
    a day ago user.failed_login: Originated from 190.36.202.117
    a day ago user.failed_login: Originated from 114.32.114.10
    a day ago user.failed_login: Originated from 78.46.250.85
    2 days ago user.failed_login: Originated from 1.64.139.71
    2 days ago user.failed_login: Originated from 186.95.46.139
    2 days ago user.failed_login: Originated from 190.207.233.235
    mlc880926
        12
    mlc880926  
       2013-11-20 13:04:12 +08:00
    user.failed_login: Originated from 201.211.5.166
    a day ago user.failed_login: Originated from 190.73.130.185
    a day ago user.failed_login: Originated from 182.253.32.15
    2 days ago user.failed_login: Originated from 41.46.80.107
    2 days ago user.failed_login: Originated from 190.73.235.26
    2 days ago user.failed_login: Originated from 190.79.222.225
    我也有不少
    suziewong
        13
    suziewong  
       2013-11-20 13:05:41 +08:00
    我也有,这个是什么情况呀
    sophy
        14
    sophy  
       2013-11-20 13:06:43 +08:00
    把两步验证打开啊
    9hills
        15
    9hills  
       2013-11-20 13:09:02 +08:00
    @suziewong 只要保证一站一密,然后强密码就没事

    github本身没问题,是用户的密码有问题
    thai9quohs6jae1C
        16
    thai9quohs6jae1C  
       2013-11-20 13:18:03 +08:00   ❤️ 1
    能两步验证的都打开了的
    dorentus
        17
    dorentus  
       2013-11-20 13:24:15 +08:00
    我这里只有两条,五小时前的 IP 是国外的,八天前的 IP 是阿里云的……

    user.failed_login: Originated from 188.251.253.106 5 hours ago
    user.failed_login: Originated from 115.29.148.201 8 days ago
    ffts
        18
    ffts  
       2013-11-20 13:29:18 +08:00
    我的也是诶...
    还是改密码吧...
    airyland
        19
    airyland  
       2013-11-20 13:30:43 +08:00
    我也是!!
    reorx
        20
    reorx  
       2013-11-20 13:38:44 +08:00   ❤️ 4
    很明显这是想用 github 帐号从 ripple 搞钱的人干的
    family
        21
    family  
       2013-11-20 13:42:15 +08:00
    我的密码也被修改了...
    zorceta
        22
    zorceta  
       2013-11-20 13:45:22 +08:00
    @reorx 2333
    zorceta
        23
    zorceta  
       2013-11-20 13:46:25 +08:00
    @zorceta
    @reorx 水了......
    现在Ripple还在派XRP?
    真是财大气粗的中央银行=.=
    GitFree
        24
    GitFree  
       2013-11-20 14:05:39 +08:00
    早上一起床就收到了github的提醒邮件。
    aveline
        25
    aveline  
       2013-11-20 14:10:27 +08:00
    擦,我的也是... 24 位隨機密碼也能進來居然。

    趕緊換了個密碼。
    xiaket
        26
    xiaket  
       2013-11-20 14:16:03 +08:00
    @aveline 24位随机密码都能被攻破? 这是APT攻击你了还是怎么的...
    zouchao
        27
    zouchao  
       2013-11-20 14:19:33 +08:00
    我也遭殃了!擦!!不过我是8位数数字密码!用了几年了~~~
    lijinma
        28
    lijinma  
       2013-11-20 14:32:50 +08:00
    上网搜了一下,发现确实是因为ripple利益的驱动,每个账号2020XRP现在在中国值140块左右。

    不过,今天 Ripple 已经取消对github的giveaway,所以说哪里有价值哪里就会不安全。
    humiaozuzu
        29
    humiaozuzu  
       2013-11-20 14:38:18 +08:00
    @aveline 貌似是 adobe 事件泄露?我的密码也是不会穷举出来的那种。。。
    soulgain
        30
    soulgain  
       2013-11-20 14:39:55 +08:00
    我也是,各位出现问题的github账号的密码是不是跟ripple的wallet密码相同?
    aveline
        31
    aveline  
       2013-11-20 14:45:37 +08:00
    @humiaozuzu 我每個網站密碼都不一樣的,和 Adobe 沒關係。
    hustlzp
        32
    hustlzp  
       2013-11-20 14:48:33 +08:00
    user.failed_login: Originated from 201.243.46.125
    2 days ago user.failed_login: Originated from 186.47.228.241
    2 days ago user.failed_login: Originated from 190.205.214.143
    2 days ago user.failed_login: Originated from 182.253.50.253
    3 days ago user.failed_login: Originated from 110.138.216.157
    4 days ago user.login: Originated from 211.69.194.179
    9 days ago user.failed_login: Originated from 8.35.200.38
    9 days ago user.failed_login: Originated from 8.35.200.37
    9 days ago user.failed_login: Originated from 8.35.200.36
    9 days ago user.failed_login: Originated from 8.35.200.36
    12 days ago user.failed_login: Originated from 220.137.34.240

    这...好多...
    zghcx99
        33
    zghcx99  
       2013-11-20 14:53:22 +08:00
    这 如何是好
    ospider
        34
    ospider  
       2013-11-20 14:54:05 +08:00
    user.failed_login: Originated from 190.37.46.96
    2 days ago user.failed_login: Originated from 201.208.14.161
    2 days ago oauth_access.create: gittip
    2 days ago user.failed_login: Originated from 190.206.251.108
    3 days ago user.failed_login: Originated from 182.253.35.252
    5 days ago oauth_access.create: GistBox
    5 days ago user.failed_login: Originated from 8.35.201.35
    14 days ago user.failed_login: Originated from 115.29.195.54
    的确好多
    chunchu
        35
    chunchu  
       2013-11-20 15:08:42 +08:00
    我的也被攻破了,已经修稿密码,开启两步验证了
    MuyouSome
        36
    MuyouSome  
       2013-11-20 15:10:29 +08:00
    看了下,我也有。。。我去
    yylzcom
        37
    yylzcom  
       2013-11-20 15:34:51 +08:00
    keepass生成的密码暂时未被攻破
    = =# 虽然经常在其他人电脑上输入密码有困难
    danzwl
        38
    danzwl  
       2013-11-20 15:59:25 +08:00
    user.failed_login: Originated from 186.89.182.64
    a day ago user.failed_login: Originated from 86.120.196.242
    2 days ago user.failed_login: Originated from 111.221.1.110
    2 days ago user.failed_login: Originated from 190.36.88.191
    3 days ago user.failed_login: Originated from 190.207.31.129
    1Password生成的密碼……
    jon
        39
    jon  
       2013-11-20 15:59:41 +08:00
    @humiaozuzu 提醒了我,keepass还差了github这个账户呢
    zhttty
        40
    zhttty  
       2013-11-20 16:14:51 +08:00
    @aveline 估计你的lastpass主密码泄露了...
    sdysj
        41
    sdysj  
       2013-11-20 16:30:16 +08:00
    ssh key都不分开用吗?真勇敢。
    tingxueren
        42
    tingxueren  
       2013-11-20 16:31:11 +08:00
    赶紧改密码,最近密码泄露太多了吧,看来需要全部开启两步验证,真麻烦
    sivacohan
        43
    sivacohan  
       2013-11-20 16:36:11 +08:00
    为毛线我的就没人进来……是不屑吗?
    cyberscorpio
        44
    cyberscorpio  
       2013-11-20 16:47:31 +08:00
    说明这些网站一直都有漏洞被别人攥在手里,这次因为 github 的账户可以赚比特币,所以就被拿出来用了。说到底还是利益使然。
    lazygunner
        45
    lazygunner  
       2013-11-20 17:00:59 +08:00
    看来这么多人也被搞了。。。
    早上没看邮件,发现push不上去,登录网站才发现不妙。。
    siw
        46
    siw  
       2013-11-20 17:22:40 +08:00
    user.failed_login: Originated from 190.204.106.53
    2 days ago user.failed_login: Originated from 222.124.123.28
    3 days ago user.failed_login: Originated from 190.73.173.143
    3 days ago user.failed_login: Originated from 84.2.238.34

    哈哈我的密码只有和用户名很类似。。。
    picasso250
        47
    picasso250  
       2013-11-20 17:32:26 +08:00
    user.failed_login: Originated from 200.109.44.249
    2 days ago user.failed_login: Originated from 190.203.146.148
    2 days ago user.failed_login: Originated from 186.90.120.120
    2 days ago user.failed_login: Originated from 110.139.155.95
    3 days ago user.failed_login: Originated from 186.88.103.204
    F0ur
        48
    F0ur  
       2013-11-20 17:36:54 +08:00
    8 hours ago user.failed_login: Originated from 190.173.31.217
    3 days ago user.failed_login: Originated from 180.94.69.66
    3 days ago user.failed_login: Originated from 190.200.215.14
    5 days ago user.failed_login: Originated from 106.187.101.212
    6 days ago user.failed_login: Originated from 115.29.195.54
    10 days ago user.failed_login: Originated from 8.35.200.38

    好可怕。。
    xiaket
        49
    xiaket  
       2013-11-20 17:43:17 +08:00
    @zhttty 良好说明了用LastPass后加一个ubikey的必要性... 偶要感谢偶当时的决策...

    好吧@aveline 同学的密码泄漏的确比较诡异...
    gullon
        50
    gullon  
       2013-11-20 17:50:24 +08:00
    好吧,我也打过 github 的主意, 你们懂的。
    有很多思路。。

    https://github.com/USERNAME --->判断用户是否存在,这里不限制请求。
    USERNAME 和 EMAIL 都可以用来登录帐号。

    如何拿用户名呢?
    有很多地方是可以获取到用户的 github 主页地址的。
    例如,遍历 v2ex 的所有用户, 获取他的 github 地址。http://www.v2ex.com/t/55360

    那密码呢?
    你想到了 CSDN 的百万密码库了么? 邮箱,帐号,密码都有。
    除了 CSDN,还有很多库呢。。

    那如何尝试登录呢?
    最简单的方法有木有:http://developer.github.com/v3/auth/#basic-authentication
    表单提交也可以(虽然还要获取一个authenticity_token, 麻烦点而已)
    再麻烦点的, 使用 http 协议clone 一个 repo,再尝试登录,输入帐号密码(有可能绕过限制哦)

    ip 限制? 你去搜搜淘宝上卖代理的。
    去试试 Tor?
    甚至是,有一大批肉鸡?


    最后因为太忙了,没坚持折腾。

    仅分享。
    jianghu52
        51
    jianghu52  
       2013-11-20 17:52:03 +08:00
    吼吼。所以说用古诗拼音外带大小写区分是非常有用的。关键是一首诗能用四个地方呢。
    jianghu52
        52
    jianghu52  
       2013-11-20 17:53:32 +08:00
    @aveline 你这24位随机密码能被破解是什么概念!!!!
    coolcfan
        53
    coolcfan  
       2013-11-20 18:02:49 +08:00
    @cloudqq 比如帐号里有从公司私有项目fork出来的项目。。。
    yylzcom
        54
    yylzcom  
       2013-11-20 18:07:40 +08:00
    @jianghu52 估计是和其它地方的密码重复了? o.0
    要不然怎么可能纯暴力穷举破解?
    Semidio
        55
    Semidio  
       2013-11-20 18:14:46 +08:00
    a day ago user.failed_login: Originated from 115.124.92.254
    2 days ago user.failed_login: Originated from 190.206.237.133
    2 days ago user.failed_login: Originated from 117.36.50.52
    2 days ago user.failed_login: Originated from 190.78.188.7
    3 days ago user.failed_login: Originated from 186.94.91.65
    hui314
        56
    hui314  
       2013-11-20 18:29:40 +08:00
    果然我也有...
    a day ago user.failed_login: Originated from 190.203.241.16
    2 days ago user.failed_login: Originated from 190.75.49.190
    2 days ago user.failed_login: Originated from 82.196.169.249
    3 days ago user.failed_login: Originated from 201.242.126.249
    3 days ago user.failed_login: Originated from 201.74.150.247
    weakish
        57
    weakish  
       2013-11-20 19:38:46 +08:00
    @aveline 我的37位密码没事……
    aveline
        58
    aveline  
       2013-11-20 19:54:17 +08:00
    @jianghu52
    @zhttty 我看了一邊 LastPass 登錄記錄沒有,真奇怪了。

    GitHub 登錄的 IP 的巴黎的,我沒有 VPN 出口是在這裡的,然後使用的操作系統是 OS X 10.8 瀏覽器是 Firefox,我 DP1 的時候就升級了肯定不是我。
    nsa
        59
    nsa  
       2013-11-20 20:53:01 +08:00
    GitHub XRP Giveaway使用后就有这个

    a day ago user.failed_login: Originated from 192.116.149.58
    a day ago user.failed_login: Originated from 93.84.16.150
    a day ago user.failed_login: Originated from 201.242.76.149
    a day ago user.failed_login: Originated from 117.59.224.58
    a day ago user.failed_login: Originated from 117.59.224.58
    biaobiaoqi
        60
    biaobiaoqi  
       2013-11-20 22:58:31 +08:00
    @gullon
    细思恐极-,-
    xingzw
        61
    xingzw  
       2013-11-20 23:30:40 +08:00
    8天前头脑一热改用LastPass生成一站一密!

    2 days ago user.failed_login: Originated from 190.142.115.200
    2 days ago user.failed_login: Originated from 190.74.83.70
    2 days ago user.failed_login: Originated from 121.35.57.28
    3 days ago user.failed_login: Originated from 201.221.131.70
    3 days ago user.failed_login: Originated from 190.206.175.123
    8 days ago user.login: Originated from 58.243.78.201
    8 days ago user.change_password: Originated from 58.243.78.201
    Xrong
        62
    Xrong  
       2013-11-21 00:09:18 +08:00
    正在把LastPass密码迁移至1Password, 然后再全部设置成一站一密...同样已被尝试暴力登录...想想如果lastpass被暴,那才叫恐慌...
    haisua
        63
    haisua  
       2013-11-21 01:03:14 +08:00
    @Xrong LastPass加了两步验证应该很安全了……
    tywtyw2002
        64
    tywtyw2002  
       2013-11-21 01:34:00 +08:00
    @aveline 为啥我的 10位密码一直没有被攻破呢? 我怀疑是有啥bug吧
    tywtyw2002
        65
    tywtyw2002  
       2013-11-21 01:36:02 +08:00
    @haisua 嗯 我lastpass直接启动了 yubikey去验证,估计他们是破解不了了。。。
    faceair
        66
    faceair  
       2013-11-21 02:02:01 +08:00
    2 days ago user.failed_login: Originated from 190.38.177.245
    2 days ago user.failed_login: Originated from 175.139.212.253
    3 days ago user.failed_login: Originated from 186.93.203.162
    3 days ago user.failed_login: Originated from 190.207.238.230

    一站一密,虽然不是随机。。
    vietor
        67
    vietor  
       2013-11-21 08:46:25 +08:00
    为什么没人搞我的帐号?难道是,没价值?咳
    gkiwi
        68
    gkiwi  
       2013-11-21 09:28:03 +08:00
    被攻破了...keePass了~~
    railgun
        69
    railgun  
       2013-11-21 09:29:18 +08:00
    railgun
        70
    railgun  
       2013-11-21 09:31:05 +08:00
    不过这次只是弱口令攻击,楼主的密码太简单了吧→_→
    raptor
        71
    raptor  
       2013-11-21 09:45:07 +08:00
    说明你们都是红人……我就没有被攻击的记录……
    iptux
        72
    iptux  
       2013-11-21 09:56:21 +08:00
    同没被搞帐号。。。
    sugelawa
        73
    sugelawa  
       2013-11-21 10:01:51 +08:00
    @reorx 不懂,求解释!
    yylzcom
        74
    yylzcom  
       2013-11-21 11:19:01 +08:00
    @gkiwi keepass的随机密码也被攻破了?不科学!
    delong
        75
    delong  
       2013-11-21 14:06:57 +08:00
    >_< github怎么被攻破的
    gkiwi
        76
    gkiwi  
       2013-11-21 14:51:30 +08:00
    @yylzcom 是先被破,又放keePass的...
    wanjun
        77
    wanjun  
       2013-11-21 15:12:37 +08:00
    弱口令,暴破,我的简单密码也被破了。
    dreasky
        78
    dreasky  
       2013-11-21 15:55:40 +08:00
    tshwangq 121815wq
    pright
        79
    pright  
       2013-11-21 15:56:23 +08:00
    我也收到邮件了,不过倒是没有楼上的那些提示信息
    binyuJ
        80
    binyuJ  
       2013-11-21 16:27:10 +08:00
    user.failed_login: Originated from 186.219.154.247 2 days ago
    user.failed_login: Originated from 59.148.249.150 3 days ago
    user.failed_login: Originated from 67.184.194.122 3 days ago
    user.failed_login: Originated from 186.88.203.246 3 days ago
    user.failed_login: Originated from 121.8.248.202 4 days ago


    ps.之前收到好几封搞ripple的邮件,不过不知道是什么所以没理会
    CrazyApi
        81
    CrazyApi  
       2013-11-21 18:28:17 +08:00
    还好重要账号一直都是强密码

    user.failed_login: Originated from 190.200.219.140
    user.failed_login: Originated from 177.68.25.33
    user.failed_login: Originated from 189.3.25.146
    user.failed_login: Originated from 103.12.114.147
    user.failed_login: Originated from 190.203.70.47
    deyu260
        82
    deyu260  
       2013-11-21 18:33:32 +08:00
    2 days ago user.failed_login: Originated from 190.72.151.75
    3 days ago user.failed_login: Originated from 119.148.8.122
    4 days ago user.failed_login: Originated from 186.95.201.126
    4 days ago user.failed_login: Originated from 217.150.86.136

    在cubieboard那边也看到35块人民币换一个github支持 这价格不和国际接轨
    tioover
        83
    tioover  
       2013-11-21 20:08:18 +08:00
    3 days ago user.failed_login: Originated from 103.12.114.147
    3 days ago user.failed_login: Originated from 190.39.64.237
    3 days ago user.failed_login: Originated from 190.36.93.31
    3 days ago user.failed_login: Originated from 46.40.109.4
    4 days ago user.failed_login: Originated from 190.38.93.201
    4 days ago user.failed_login: Originated from 79.33.238.111
    20 days ago user.failed_login: Originated from 74.126.176.138
    22 days ago user.failed_login: Originated from 8.35.201.103
    23 days ago user.failed_login: Originated from 171.213.55.27
    23 days ago user.failed_login: Originated from 171.213.55.27

    丧心病狂
    zonyitoo
        84
    zonyitoo  
       2013-11-21 22:03:33 +08:00
    3 days ago user.failed_login: Originated from 41.178.213.151
    3 days ago user.failed_login: Originated from 180.248.5.15
    3 days ago user.failed_login: Originated from 182.253.49.250
    3 days ago user.failed_login: Originated from 190.95.243.35
    4 days ago user.failed_login: Originated from 201.242.72.225
    4 days ago user.failed_login: Originated from 180.254.65.142

    Github出事了
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5419 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 28ms · UTC 06:57 · PVG 14:57 · LAX 22:57 · JFK 01:57
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.