1
cloudqq 2013-11-20 11:25:40 +08:00
我表示怀疑,获取你私有项目有啥意义。
|
2
humiaozuzu 2013-11-20 11:27:22 +08:00
擦 我也是!
今天把所有能开启两步验证的全开了,密码全换不同的强密码了 被日了果然才知道不安全 LOL |
3
Ray2EX 2013-11-20 11:27:28 +08:00
楼上太毒了
|
4
humiaozuzu 2013-11-20 11:28:10 +08:00
昨天 HN 上头条就是 Github is exp security issues,没想到今天自己就被日了。。。
|
5
tshwangq OP 怀疑什么?他无聊把我的项目公开呢,搞个什么10w个github repo bt。
我不好交代啊 |
6
LU35 2013-11-20 12:00:44 +08:00 via Android
半夜收到邮件提示密码被更改,还在想是什么情况。晚上就收到官方邮件,据说是受到adobe泄漏的影响。
|
7
c19 2013-11-20 12:26:30 +08:00
|
8
c19 2013-11-20 12:28:04 +08:00
https://github.com/settings/security
看看是不是被试密码了。。 |
9
xatest 2013-11-20 12:33:42 +08:00 1
@c19 看了一下,果然很多尝试失败的记录,幸好我是强密码~
a day ago user.failed_login: Originated from 186.14.6.207 a day ago user.failed_login: Originated from 190.79.142.40 2 days ago user.failed_login: Originated from 183.89.16.23 2 days ago user.failed_login: Originated from 190.72.6.251 2 days ago user.failed_login: Originated from 202.101.96.154 4 days ago user.failed_login: Originated from 200.84.65.94 4 days ago user.failed_login: Originated from 190.39.14.235 4 days ago user.failed_login: Originated from 93.61.60.10 4 days ago user.failed_login: Originated from 186.46.160.188 4 days ago user.failed_login: Originated from 201.210.49.168 4 days ago user.failed_login: Originated from 46.149.222.114 4 days ago user.failed_login: Originated from 201.211.85.139 4 days ago user.failed_login: Originated from 186.88.167.21 4 days ago user.failed_login: Originated from 186.92.91.46 4 days ago user.failed_login: Originated from 78.58.57.41 4 days ago user.failed_login: Originated from 186.95.160.168 4 days ago user.failed_login: Originated from 186.95.64.36 4 days ago user.failed_login: Originated from 182.253.48.86 4 days ago user.failed_login: Originated from 175.141.33.131 4 days ago user.failed_login: Originated from 197.210.255.150 4 days ago user.failed_login: Originated from 186.94.149.202 4 days ago user.failed_login: Originated from 190.207.170.157 4 days ago user.failed_login: Originated from 200.192.215.138 4 days ago user.failed_login: Originated from 190.207.0.10 4 days ago user.failed_login: Originated from 190.203.78.224 4 days ago user.failed_login: Originated from 82.79.66.19 4 days ago user.failed_login: Originated from 118.99.114.199 4 days ago user.failed_login: Originated from 186.94.246.28 |
10
FrankFang128 2013-11-20 12:53:13 +08:00 via Android
你们的密码是不是很弱
|
11
greenmoon55 2013-11-20 13:03:18 +08:00
two_factor_authentication.enabled:
a day ago user.failed_login: Originated from 190.36.202.117 a day ago user.failed_login: Originated from 114.32.114.10 a day ago user.failed_login: Originated from 78.46.250.85 2 days ago user.failed_login: Originated from 1.64.139.71 2 days ago user.failed_login: Originated from 186.95.46.139 2 days ago user.failed_login: Originated from 190.207.233.235 |
12
mlc880926 2013-11-20 13:04:12 +08:00
user.failed_login: Originated from 201.211.5.166
a day ago user.failed_login: Originated from 190.73.130.185 a day ago user.failed_login: Originated from 182.253.32.15 2 days ago user.failed_login: Originated from 41.46.80.107 2 days ago user.failed_login: Originated from 190.73.235.26 2 days ago user.failed_login: Originated from 190.79.222.225 我也有不少 |
13
suziewong 2013-11-20 13:05:41 +08:00
我也有,这个是什么情况呀
|
14
sophy 2013-11-20 13:06:43 +08:00
把两步验证打开啊
|
16
thai9quohs6jae1C 2013-11-20 13:18:03 +08:00 1
能两步验证的都打开了的
|
17
dorentus 2013-11-20 13:24:15 +08:00
我这里只有两条,五小时前的 IP 是国外的,八天前的 IP 是阿里云的……
user.failed_login: Originated from 188.251.253.106 5 hours ago user.failed_login: Originated from 115.29.148.201 8 days ago |
18
ffts 2013-11-20 13:29:18 +08:00
我的也是诶...
还是改密码吧... |
19
airyland 2013-11-20 13:30:43 +08:00
我也是!!
|
20
reorx 2013-11-20 13:38:44 +08:00 4
很明显这是想用 github 帐号从 ripple 搞钱的人干的
|
21
family 2013-11-20 13:42:15 +08:00
我的密码也被修改了...
|
24
GitFree 2013-11-20 14:05:39 +08:00
早上一起床就收到了github的提醒邮件。
|
25
aveline 2013-11-20 14:10:27 +08:00
擦,我的也是... 24 位隨機密碼也能進來居然。
趕緊換了個密碼。 |
27
zouchao 2013-11-20 14:19:33 +08:00
我也遭殃了!擦!!不过我是8位数数字密码!用了几年了~~~
|
28
lijinma 2013-11-20 14:32:50 +08:00
上网搜了一下,发现确实是因为ripple利益的驱动,每个账号2020XRP现在在中国值140块左右。
不过,今天 Ripple 已经取消对github的giveaway,所以说哪里有价值哪里就会不安全。 |
29
humiaozuzu 2013-11-20 14:38:18 +08:00
@aveline 貌似是 adobe 事件泄露?我的密码也是不会穷举出来的那种。。。
|
30
soulgain 2013-11-20 14:39:55 +08:00
我也是,各位出现问题的github账号的密码是不是跟ripple的wallet密码相同?
|
31
aveline 2013-11-20 14:45:37 +08:00
@humiaozuzu 我每個網站密碼都不一樣的,和 Adobe 沒關係。
|
32
hustlzp 2013-11-20 14:48:33 +08:00
user.failed_login: Originated from 201.243.46.125
2 days ago user.failed_login: Originated from 186.47.228.241 2 days ago user.failed_login: Originated from 190.205.214.143 2 days ago user.failed_login: Originated from 182.253.50.253 3 days ago user.failed_login: Originated from 110.138.216.157 4 days ago user.login: Originated from 211.69.194.179 9 days ago user.failed_login: Originated from 8.35.200.38 9 days ago user.failed_login: Originated from 8.35.200.37 9 days ago user.failed_login: Originated from 8.35.200.36 9 days ago user.failed_login: Originated from 8.35.200.36 12 days ago user.failed_login: Originated from 220.137.34.240 这...好多... |
33
zghcx99 2013-11-20 14:53:22 +08:00
这 如何是好
|
34
ospider 2013-11-20 14:54:05 +08:00
user.failed_login: Originated from 190.37.46.96
2 days ago user.failed_login: Originated from 201.208.14.161 2 days ago oauth_access.create: gittip 2 days ago user.failed_login: Originated from 190.206.251.108 3 days ago user.failed_login: Originated from 182.253.35.252 5 days ago oauth_access.create: GistBox 5 days ago user.failed_login: Originated from 8.35.201.35 14 days ago user.failed_login: Originated from 115.29.195.54 的确好多 |
35
chunchu 2013-11-20 15:08:42 +08:00
我的也被攻破了,已经修稿密码,开启两步验证了
|
36
MuyouSome 2013-11-20 15:10:29 +08:00
看了下,我也有。。。我去
|
37
yylzcom 2013-11-20 15:34:51 +08:00
keepass生成的密码暂时未被攻破
= =# 虽然经常在其他人电脑上输入密码有困难 |
38
danzwl 2013-11-20 15:59:25 +08:00
user.failed_login: Originated from 186.89.182.64
a day ago user.failed_login: Originated from 86.120.196.242 2 days ago user.failed_login: Originated from 111.221.1.110 2 days ago user.failed_login: Originated from 190.36.88.191 3 days ago user.failed_login: Originated from 190.207.31.129 1Password生成的密碼…… |
39
jon 2013-11-20 15:59:41 +08:00
@humiaozuzu 提醒了我,keepass还差了github这个账户呢
|
41
sdysj 2013-11-20 16:30:16 +08:00
ssh key都不分开用吗?真勇敢。
|
42
tingxueren 2013-11-20 16:31:11 +08:00
赶紧改密码,最近密码泄露太多了吧,看来需要全部开启两步验证,真麻烦
|
43
sivacohan 2013-11-20 16:36:11 +08:00
为毛线我的就没人进来……是不屑吗?
|
44
cyberscorpio 2013-11-20 16:47:31 +08:00
说明这些网站一直都有漏洞被别人攥在手里,这次因为 github 的账户可以赚比特币,所以就被拿出来用了。说到底还是利益使然。
|
45
lazygunner 2013-11-20 17:00:59 +08:00
看来这么多人也被搞了。。。
早上没看邮件,发现push不上去,登录网站才发现不妙。。 |
46
siw 2013-11-20 17:22:40 +08:00
user.failed_login: Originated from 190.204.106.53
2 days ago user.failed_login: Originated from 222.124.123.28 3 days ago user.failed_login: Originated from 190.73.173.143 3 days ago user.failed_login: Originated from 84.2.238.34 哈哈我的密码只有和用户名很类似。。。 |
47
picasso250 2013-11-20 17:32:26 +08:00
user.failed_login: Originated from 200.109.44.249
2 days ago user.failed_login: Originated from 190.203.146.148 2 days ago user.failed_login: Originated from 186.90.120.120 2 days ago user.failed_login: Originated from 110.139.155.95 3 days ago user.failed_login: Originated from 186.88.103.204 |
48
F0ur 2013-11-20 17:36:54 +08:00
8 hours ago user.failed_login: Originated from 190.173.31.217
3 days ago user.failed_login: Originated from 180.94.69.66 3 days ago user.failed_login: Originated from 190.200.215.14 5 days ago user.failed_login: Originated from 106.187.101.212 6 days ago user.failed_login: Originated from 115.29.195.54 10 days ago user.failed_login: Originated from 8.35.200.38 好可怕。。 |
49
xiaket 2013-11-20 17:43:17 +08:00
|
50
gullon 2013-11-20 17:50:24 +08:00
好吧,我也打过 github 的主意, 你们懂的。
有很多思路。。 https://github.com/USERNAME --->判断用户是否存在,这里不限制请求。 USERNAME 和 EMAIL 都可以用来登录帐号。 如何拿用户名呢? 有很多地方是可以获取到用户的 github 主页地址的。 例如,遍历 v2ex 的所有用户, 获取他的 github 地址。http://www.v2ex.com/t/55360 那密码呢? 你想到了 CSDN 的百万密码库了么? 邮箱,帐号,密码都有。 除了 CSDN,还有很多库呢。。 那如何尝试登录呢? 最简单的方法有木有:http://developer.github.com/v3/auth/#basic-authentication 表单提交也可以(虽然还要获取一个authenticity_token, 麻烦点而已) 再麻烦点的, 使用 http 协议clone 一个 repo,再尝试登录,输入帐号密码(有可能绕过限制哦) ip 限制? 你去搜搜淘宝上卖代理的。 去试试 Tor? 甚至是,有一大批肉鸡? 最后因为太忙了,没坚持折腾。 仅分享。 |
51
jianghu52 2013-11-20 17:52:03 +08:00
吼吼。所以说用古诗拼音外带大小写区分是非常有用的。关键是一首诗能用四个地方呢。
|
55
Semidio 2013-11-20 18:14:46 +08:00
a day ago user.failed_login: Originated from 115.124.92.254
2 days ago user.failed_login: Originated from 190.206.237.133 2 days ago user.failed_login: Originated from 117.36.50.52 2 days ago user.failed_login: Originated from 190.78.188.7 3 days ago user.failed_login: Originated from 186.94.91.65 |
56
hui314 2013-11-20 18:29:40 +08:00
果然我也有...
a day ago user.failed_login: Originated from 190.203.241.16 2 days ago user.failed_login: Originated from 190.75.49.190 2 days ago user.failed_login: Originated from 82.196.169.249 3 days ago user.failed_login: Originated from 201.242.126.249 3 days ago user.failed_login: Originated from 201.74.150.247 |
58
aveline 2013-11-20 19:54:17 +08:00
|
59
nsa 2013-11-20 20:53:01 +08:00
GitHub XRP Giveaway使用后就有这个
a day ago user.failed_login: Originated from 192.116.149.58 a day ago user.failed_login: Originated from 93.84.16.150 a day ago user.failed_login: Originated from 201.242.76.149 a day ago user.failed_login: Originated from 117.59.224.58 a day ago user.failed_login: Originated from 117.59.224.58 |
60
biaobiaoqi 2013-11-20 22:58:31 +08:00
@gullon
细思恐极-,- |
61
xingzw 2013-11-20 23:30:40 +08:00
8天前头脑一热改用LastPass生成一站一密!
2 days ago user.failed_login: Originated from 190.142.115.200 2 days ago user.failed_login: Originated from 190.74.83.70 2 days ago user.failed_login: Originated from 121.35.57.28 3 days ago user.failed_login: Originated from 201.221.131.70 3 days ago user.failed_login: Originated from 190.206.175.123 8 days ago user.login: Originated from 58.243.78.201 8 days ago user.change_password: Originated from 58.243.78.201 |
62
Xrong 2013-11-21 00:09:18 +08:00
正在把LastPass密码迁移至1Password, 然后再全部设置成一站一密...同样已被尝试暴力登录...想想如果lastpass被暴,那才叫恐慌...
|
64
tywtyw2002 2013-11-21 01:34:00 +08:00
@aveline 为啥我的 10位密码一直没有被攻破呢? 我怀疑是有啥bug吧
|
65
tywtyw2002 2013-11-21 01:36:02 +08:00
@haisua 嗯 我lastpass直接启动了 yubikey去验证,估计他们是破解不了了。。。
|
66
faceair 2013-11-21 02:02:01 +08:00
2 days ago user.failed_login: Originated from 190.38.177.245
2 days ago user.failed_login: Originated from 175.139.212.253 3 days ago user.failed_login: Originated from 186.93.203.162 3 days ago user.failed_login: Originated from 190.207.238.230 一站一密,虽然不是随机。。 |
67
vietor 2013-11-21 08:46:25 +08:00
为什么没人搞我的帐号?难道是,没价值?咳
|
68
gkiwi 2013-11-21 09:28:03 +08:00
被攻破了...keePass了~~
|
69
railgun 2013-11-21 09:29:18 +08:00
|
70
railgun 2013-11-21 09:31:05 +08:00
不过这次只是弱口令攻击,楼主的密码太简单了吧→_→
|
71
raptor 2013-11-21 09:45:07 +08:00
说明你们都是红人……我就没有被攻击的记录……
|
72
iptux 2013-11-21 09:56:21 +08:00
同没被搞帐号。。。
|
75
delong 2013-11-21 14:06:57 +08:00
>_< github怎么被攻破的
|
77
wanjun 2013-11-21 15:12:37 +08:00
弱口令,暴破,我的简单密码也被破了。
|
78
dreasky 2013-11-21 15:55:40 +08:00
tshwangq 121815wq
|
79
pright 2013-11-21 15:56:23 +08:00
我也收到邮件了,不过倒是没有楼上的那些提示信息
|
80
binyuJ 2013-11-21 16:27:10 +08:00
user.failed_login: Originated from 186.219.154.247 2 days ago
user.failed_login: Originated from 59.148.249.150 3 days ago user.failed_login: Originated from 67.184.194.122 3 days ago user.failed_login: Originated from 186.88.203.246 3 days ago user.failed_login: Originated from 121.8.248.202 4 days ago ps.之前收到好几封搞ripple的邮件,不过不知道是什么所以没理会 |
81
CrazyApi 2013-11-21 18:28:17 +08:00
还好重要账号一直都是强密码
user.failed_login: Originated from 190.200.219.140 user.failed_login: Originated from 177.68.25.33 user.failed_login: Originated from 189.3.25.146 user.failed_login: Originated from 103.12.114.147 user.failed_login: Originated from 190.203.70.47 |
82
deyu260 2013-11-21 18:33:32 +08:00
2 days ago user.failed_login: Originated from 190.72.151.75
3 days ago user.failed_login: Originated from 119.148.8.122 4 days ago user.failed_login: Originated from 186.95.201.126 4 days ago user.failed_login: Originated from 217.150.86.136 在cubieboard那边也看到35块人民币换一个github支持 这价格不和国际接轨 |
83
tioover 2013-11-21 20:08:18 +08:00
3 days ago user.failed_login: Originated from 103.12.114.147
3 days ago user.failed_login: Originated from 190.39.64.237 3 days ago user.failed_login: Originated from 190.36.93.31 3 days ago user.failed_login: Originated from 46.40.109.4 4 days ago user.failed_login: Originated from 190.38.93.201 4 days ago user.failed_login: Originated from 79.33.238.111 20 days ago user.failed_login: Originated from 74.126.176.138 22 days ago user.failed_login: Originated from 8.35.201.103 23 days ago user.failed_login: Originated from 171.213.55.27 23 days ago user.failed_login: Originated from 171.213.55.27 丧心病狂 |
84
zonyitoo 2013-11-21 22:03:33 +08:00
3 days ago user.failed_login: Originated from 41.178.213.151
3 days ago user.failed_login: Originated from 180.248.5.15 3 days ago user.failed_login: Originated from 182.253.49.250 3 days ago user.failed_login: Originated from 190.95.243.35 4 days ago user.failed_login: Originated from 201.242.72.225 4 days ago user.failed_login: Originated from 180.254.65.142 Github出事了 |