The total number incidents decreased by half. However, there are only slightly fewer than 10,000 distinct attackers on the greylist. The last month’s seemingly minor reduction may have been indicative of an ongoing decline.
We updated the report with two new tables that highlight specific violent IP addresses. Since an IP address could also be a proxy server or VPN gateway, NAT or even hacked server, we refrain from using the word “attackers” explicitly.
Although “Changeme123” wasn’t a particularly popular password this month, the leetspeak variants of “password” have over dozen variants. Leetspeak used to be a phenomenon to feel exclusive on online forums long time ago. Using it as a cryptography in 2023 will unquestionably not make someone’s password much more secure. We have actually seen an online password generator that used leetspeak as a cheap way to add entropy to your passwords. In general, it’s not a great idea to use online password generators. The password could be generated by a backend on the server, thus the server will know the password you are about to use and in the past, it could be also sent over the Internet unencrypted. It is much better to use a password generator embedded into your password manager. And if you don’t have a password manager, we strongly recommend you to get one.