这是一个创建于 4350 天前的主题,其中的信息可能已经有所发展或是发生改变。
半夜提示我多了一个ssh key。
我有私有repo 啊。。。
我有私有repo 啊。。。
 | 1 cloudqq 2013-11-20 11:25:40 +08:00 我表示怀疑,获取你私有项目有啥意义。 |
 | 2 humiaozuzu 2013-11-20 11:27:22 +08:00 擦 我也是! 今天把所有能开启两步验证的全开了,密码全换不同的强密码了 被日了果然才知道不安全 LOL |
 | 3 Ray2EX 2013-11-20 11:27:28 +08:00 楼上太毒了 |
| 4 humiaozuzu 2013-11-20 11:28:10 +08:00 昨天 HN 上头条就是 Github is exp security issues,没想到今天自己就被日了。。。 |
 | 5 tshwangq OP 怀疑什么?他无聊把我的项目公开呢,搞个什么10w个github repo bt。 我不好交代啊 |
 | 6 LU35 2013-11-20 12:00:44 +08:00 via Android 半夜收到邮件提示密码被更改,还在想是什么情况。晚上就收到官方邮件,据说是受到adobe泄漏的影响。 |
 | td width="10" valign="top"> 7 c19 2013-11-20 12:26:30 +08:00 |
| 8 c19 2013-11-20 12:28:04 +08:00 https://github.com/settings/security 看看是不是被试密码了。。 |
 | 9 xatest 2013-11-20 12:33:42 +08:00  1 @c19 看了一下,果然很多尝试失败的记录,幸好我是强密码~ a day ago user.failed_login: Originated from 186.14.6.207 a day ago user.failed_login: Originated from 190.79.142.40 2 days ago user.failed_login: Originated from 183.89.16.23 2 days ago user.failed_login: Originated from 190.72.6.251 2 days ago user.failed_login: Originated from 202.101.96.154 4 days ago user.failed_login: Originated from 200.84.65.94 4 days ago user.failed_login: Originated from 190.39.14.235 4 days ago user.failed_login: Originated from 93.61.60.10 4 days ago user.failed_login: Originated from 186.46.160.188 4 days ago user.failed_login: Originated from 201.210.49.168 4 days ago user.failed_login: Originated from 46.149.222.114 4 days ago user.failed_login: Originated from 201.211.85.139 4 days ago user.failed_login: Originated from 186.88.167.21 4 days ago user.failed_login: Originated from 186.92.91.46 4 days ago user.failed_login: Originated from 78.58.57.41 4 days ago user.failed_login: Originated from 186.95.160.168 4 days ago user.failed_login: Originated from 186.95.64.36 4 days ago user.failed_login: Originated from 182.253.48.86 4 days ago user.failed_login: Originated from 175.141.33.131 4 days ago user.failed_login: Originated from 197.210.255.150 4 days ago user.failed_login: Originated from 186.94.149.202 4 days ago user.failed_login: Originated from 190.207.170.157 4 days ago user.failed_login: Originated from 200.192.215.138 4 days ago user.failed_login: Originated from 190.207.0.10 4 days ago user.failed_login: Originated from 190.203.78.224 4 days ago user.failed_login: Originated from 82.79.66.19 4 days ago user.failed_login: Originated from 118.99.114.199 4 days ago user.failed_login: Originated from 186.94.246.28 |
 | 10 FrankFang128 2013-11-20 12:53:13 +08:00 via Android 你们的密码是不是很弱 |
 | 11 greenmoon55 2013-11-20 13:03:18 +08:00 two_factor_authentication.enabled: a day ago user.failed_login: Originated from 190.36.202.117 a day ago user.failed_login: Originated from 114.32.114.10 a day ago user.failed_login: Originated from 78.46.250.85 2 days ago user.failed_login: Originated from 1.64.139.71 2 days ago user.failed_login: Originated from 186.95.46.139 2 days ago user.failed_login: Originated from 190.207.233.235 |
 | 12 mlc880926 2013-11-20 13:04:12 +08:00 user.failed_login: Originated from 201.211.5.166 a day ago user.failed_login: Originated from 190.73.130.185 a day ago user.failed_login: Originated from 182.253.32.15 2 days ago user.failed_login: Originated from 41.46.80.107 2 days ago user.failed_login: Originated from 190.73.235.26 2 days ago user.failed_login: Originated from 190.79.222.225 我也有不少 |
 | 13 suziewong 2013-11-20 13:05:41 +08:00 我也有,这个是什么情况呀 |
 | 14 0racleTink 2013-11-20 13:06:43 +08:00 把两步验证打开啊 |
 | 16 thai9quohs6jae1C 2013-11-20 13:18:03 +08:00 1 能两步验证的都打开了的 |
 | 17 dorentus 2013-11-20 13:24:15 +08:00 我这里只有两条,五小时前的 IP 是国外的,八天前的 IP 是阿里云的…… user.failed_login: Originated from 188.251.253.106 5 hours ago user.failed_login: Originated from 115.29.148.201 8 days ago |
 | 18 ffts 2013-11-20 13:29:18 +08:00 我的也是诶... 还是改密码吧... |
 | 19 airyland 2013-11-20 13:30:43 +08:00 我也是!! |
 | 20 reorx 2013-11-20 13:38:44 +08:00 4 很明显这是想用 github 帐号从 ripple 搞钱的人干的 |
 | 21 family 2013-11-20 13:42:15 +08:00 我的密码也被修改了... |
 | 24 GitFree 2013-11-20 14:05:39 +08:00 早上一起床就收到了github的提醒邮件。 |
 | 25 aveline 2013-11-20 14:10:27 +08:00 擦,我的也是... 24 位密也能居然。 了密。 |
 | 27 zouchao 2013-11-20 14:19:33 +08:00 我也遭殃了!擦!!不过我是8位数数字密码!用了几年了~~~ |
 | 28 lijinma 2013-11-20 14:32:50 +08:00 上网搜了一下,发现确实是因为ripple利益的驱动,每个账号2020XRP现在在中国值140块左右。 不过,今天 Ripple 已经取消对github的giveaway,所以说哪里有价值哪里就会不安全。 |
| 29 humiaozuzu 2013-11-20 14:38:18 +08:00 @aveline 貌似是 adobe 事件泄露?我的密码也是不会穷举出来的那种。。。 |
 | 30 soulgain 2013-11-20 14:39:55 +08:00 我也是,各位出现问题的github账号的密码是不是跟ripple的wallet密码相同? |
| 31 aveline 2013-11-20 14:45:37 +08:00 @humiaozuzu 我每站密都不一的,和 Adobe 。 |
 | 32 hustlzp 2013-11-20 14:48:33 +08:00 user.failed_login: Originated from 201.243.46.125 2 days ago user.failed_login: Originated from 186.47.228.241 2 days ago user.failed_login: Originated from 190.205.214.143 2 days ago user.failed_login: Originated from 182.253.50.253 3 days ago user.failed_login: Originated from 110.138.216.157 4 days ago user.login: Originated from 211.69.194.179 9 days ago user.failed_login: Originated from 8.35.200.38 9 days ago user.failed_login: Originated from 8.35.200.37 9 days ago user.failed_login: Originated from 8.35.200.36 9 days ago user.failed_login: Originated from 8.35.200.36 12 days ago user.failed_login: Originated from 220.137.34.240 这...好多... |
 | 33 zghcx99 2013-11-20 14:53:22 +08:00 这 如何是好 |
 | 34 4BVL25L90W260T9U 2013-11-20 14:54:05 +08:00 user.failed_login: Originated from 190.37.46.96 2 days ago user.failed_login: Originated from 201.208.14.161 2 days ago oauth_access.create: gittip 2 days ago user.failed_login: Originated from 190.206.251.108 3 days ago user.failed_login: Originated from 182.253.35.252 5 days ago oauth_access.create: GistBox 5 days ago user.failed_login: Originated from 8.35.201.35 14 days ago user.failed_login: Originated from 115.29.195.54 的确好多 |
 | 35 chunchu 2013-11-20 15:08:42 +08:00 我的也被攻破了,已经修稿密码,开启两步验证了 |
 | 36 MuyouSome 2013-11-20 15:10:29 +08:00 看了下,我也有。。。我去 |
 | 37 yylzcom 2013-11-20 15:34:51 +08:00 keepass生成的密码暂时未被攻破 = =# 虽然经常在其他人电脑上输入密码有困难 |
 | 38 danzwl 2013-11-20 15:59:25 +08:00 user.failed_login: Originated from 186.89.182.64 a day ago user.failed_login: Originated from 86.120.196.242 2 days ago user.failed_login: Originated from 111.221.1.110 2 days ago user.failed_login: Originated from 190.36.88.191 3 days ago user.failed_login: Originated from 190.207.31.129 1Password生成的密…… |
 | 39 jon 2013-11-20 15:59:41 +08:00 @humiaozuzu 提醒了我,keepass还差了github这个账户呢 |
 | 41 sdysj 2013-11-20 16:30:16 +08:00 ssh key都不分开用吗?真勇敢。 |
 | 42 tingxueren 2013-11-20 16:31:11 +08:00 赶紧改密码,最近密码泄露太多了吧,看来需要全部开启两步验证,真麻烦 |
 | 43 sivacohan PRO 为毛线我的就没人进来……是不屑吗? |
 | 44 cyberscorpio 2013-11-20 16:47:31 +08:00 说明这些网站一直都有漏洞被别人攥在手里,这次因为 github 的账户可以赚比特币,所以就被拿出来用了。说到底还是利益使然。 |
 | 45 lazygunner 2013-11-20 17:00:59 +08:00 看来这么多人也被搞了。。。 早上没看邮件,发现push不上去,登录网站才发现不妙。。 |
 | 46 siw 2013-11-20 17:22:40 +08:00 user.failed_login: Originated from 190.204.106.53 2 days ago user.failed_login: Originated from 222.124.123.28 3 days ago user.failed_login: Originated from 190.73.173.143 3 days ago user.failed_login: Originated from 84.2.238.34 哈哈我的密码只有和用户名很类似。。。 |
 | 47 picasso250 2013-11-20 17:32:26 +08:00 user.failed_login: Originated from 200.109.44.249 2 days ago user.failed_login: Originated from 190.203.146.148 2 days ago user.failed_login: Originated from 186.90.120.120 2 days ago user.failed_login: Originated from 110.139.155.95 3 days ago user.failed_login: Originated from 186.88.103.204 |
 | 48 F0ur 2013-11-20 17:36:54 +08:00 8 hours ago user.failed_login: Originated from 190.173.31.217 3 days ago user.failed_login: Originated from 180.94.69.66 3 days ago user.failed_login: Originated from 190.200.215.14 5 days ago user.failed_login: Originated from 106.187.101.212 6 days ago user.failed_login: Originated from 115.29.195.54 10 days ago user.failed_login: Originated from 8.35.200.38 好可怕。。 |
 | 49 xiaket 2013-11-20 17:43:17 +08:00 |
 | 50 gullon 2013-11-20 17:50:24 +08:00 好吧,我也打过 github 的主意, 你们懂的。 有很多思路。。 https://github.com/USERNAME --->判断用户是否存在,这里不限制请求。 USERNAME 和 EMAIL 都可以用来登录帐号。 如何拿用户名呢? 有很多地方是可以获取到用户的 github 主页地址的。 例如,遍历 v2ex 的所有用户, 获取他的 github 地址。http://www.v2ex.com/t/55360 那密码呢? 你想到了 CSDN 的百万密码库了么? 邮箱,帐号,密码都有。 除了 CSDN,还有很多库呢。。 那如何尝试登录呢? 最简单的方法有木有:http://developer.github.com/v3/auth/#basic-authentication 表单提交也可以(虽然还要获取一个authenticity_token, 麻烦点而已) 再麻烦点的, 使用 http 协议clone 一个 repo,再尝试登录,输入帐号密码(有可能绕过限制哦) ip 限制? 你去搜搜淘宝上卖代理的。 去试试 Tor? 甚至是,有一大批肉鸡? 最后因为太忙了,没坚持折腾。 仅分享。 |
 | 51 jianghu52 2013-11-20 17:52:03 +08:00 吼吼。所以说用古诗拼音外带大小写区分是非常有用的。关键是一首诗能用四个地方呢。 |
 | 55 Semidio 2013-11-20 18:14:46 +08:00 a day ago user.failed_login: Originated from 115.124.92.254 2 days ago user.failed_login: Originated from 190.206.237.133 2 days ago user.failed_login: Originated from 117.36.50.52 2 days ago user.failed_login: Originated from 190.78.188.7 3 days ago user.failed_login: Originated from 186.94.91.65 |
 | 56 hui314 2013-11-20 18:29:40 +08:00 果然我也有... a day ago user.failed_login: Originated from 190.203.241.16 2 days ago user.failed_login: Originated from 190.75.49.190 2 days ago user.failed_login: Originated from 82.196.169.249 3 days ago user.failed_login: Originated from 201.242.126.249 3 days ago user.failed_login: Originated from 201.74.150.247 |
| 58 aveline 2013-11-20 19:54:17 +08:00 |
 | 59 nsa 2013-11-20 20:53:01 +08:00 GitHub XRP Giveaway使用后就有这个 a day ago user.failed_login: Originated from 192.116.149.58 a day ago user.failed_login: Originated from 93.84.16.150 a day ago user.failed_login: Originated from 201.242.76.149 a day ago user.failed_login: Originated from 117.59.224.58 a day ago user.failed_login: Originated from 117.59.224.58 |
 | 60 biaobiaoqi 2013-11-20 22:58:31 +08:00 @gullon 细思恐极-,- |
 | 61 xingzw 2013-11-20 23:30:40 +08:00 8天前头脑一热改用LastPass生成一站一密! 2 days ago user.failed_login: Originated from 190.142.115.200 2 days ago user.failed_login: Originated from 190.74.83.70 2 days ago user.failed_login: Originated from 121.35.57.28 3 days ago user.failed_login: Originated from 201.221.131.70 3 days ago user.failed_login: Originated from 190.206.175.123 8 days ago user.login: Originated from 58.243.78.201 8 days ago user.change_password: Originated from 58.243.78.201 |
 | 62 Xrong 2013-11-21 00:09:18 +08:00 正在把LastPass密码迁移至1Password, 然后再全部设置成一站一密...同样已被尝试暴力登录...想想如果lastpass被暴,那才叫恐慌... |
 | 64 tywtyw2002 2013-11-21 01:34:00 +08:00 @aveline 为啥我的 10位密码一直没有被攻破呢? 我怀疑是有啥bug吧 |
| 65 tywtyw2002 2013-11-21 01:36:02 +08:00 @haisua 嗯 我lastpass直接启动了 yubikey去验证,估计他们是破解不了了。。。 |
 | 66 faceair 2013-11-21 02:02:01 +08:00 2 days ago user.failed_login: Originated from 190.38.177.245 2 days ago user.failed_login: Originated from 175.139.212.253 3 days ago user.failed_login: Originated from 186.93.203.162 3 days ago user.failed_login: Originated from 190.207.238.230 一站一密,虽然不是随机。。 |
 | 67 vietor 2013-11-21 08:46:25 +08:00 为什么没人搞我的帐号?难道是,没价值?咳 |
 | 68 gkiwi 2013-11-21 09:28:03 +08:00 被攻破了...keePass了~~ |
 | 69 railgun 2013-11-21 09:29:18 +08:00 |
| 70 railgun 2013-11-21 09:31:05 +08:00 不过这次只是弱口令攻击,楼主的密码太简单了吧→_→ |
 | 71 raptor 2013-11-21 09:45:07 +08:00 说明你们都是红人……我就没有被攻击的记录…… |
 | 72 iptux 2013-11-21 09:56:21 +08:00 同没被搞帐号。。。 |
 | 75 delong 2013-11-21 14:06:57 +08:00 >_< github怎么被攻破的 |
 | 77 wanjun 2013-11-21 15:12:37 +08:00 弱口令,暴破,我的简单密码也被破了。 |
 | 78 dreasky 2013-11-21 15:55:40 +08:00 tshwangq 121815wq |
 | 79 pright 2013-11-21 15:56:23 +08:00 我也收到邮件了,不过倒是没有楼上的那些提示信息 |
 | 80 binyuJ 2013-11-21 16:27:10 +08:00 user.failed_login: Originated from 186.219.154.247 2 days ago user.failed_login: Originated from 59.148.249.150 3 days ago user.failed_login: Originated from 67.184.194.122 3 days ago user.failed_login: Originated from 186.88.203.246 3 days ago user.failed_login: Originated from 121.8.248.202 4 days ago ps.之前收到好几封搞ripple的邮件,不过不知道是什么所以没理会 |
 | 81 CrazyApi 2013-11-21 18:28:17 +08:00 还好重要账号一直都是强密码 user.failed_login: Originated from 190.200.219.140 user.failed_login: Originated from 177.68.25.33 user.failed_login: Originated from 189.3.25.146 user.failed_login: Originated from 103.12.114.147 user.failed_login: Originated from 190.203.70.47 |
 | 82 deyu260 2013-11-21 18:33:32 +08:00 2 days ago user.failed_login: Originated from 190.72.151.75 3 days ago user.failed_login: Originated from 119.148.8.122 4 days ago user.failed_login: Originated from 186.95.201.126 4 days ago user.failed_login: Originated from 217.150.86.136 在cubieboard那边也看到35块人民币换一个github支持 这价格不和国际接轨 |
 | 83 tioover 2013-11-21 20:08:18 +08:00 3 days ago user.failed_login: Originated from 103.12.114.147 3 days ago user.failed_login: Originated from 190.39.64.237 3 days ago user.failed_login: Originated from 190.36.93.31 3 days ago user.failed_login: Originated from 46.40.109.4 4 days ago user.failed_login: Originated from 190.38.93.201 4 days ago user.failed_login: Originated from 79.33.238.111 20 days ago user.failed_login: Originated from 74.126.176.138 22 days ago user.failed_login: Originated from 8.35.201.103 23 days ago user.failed_login: Originated from 171.213.55.27 23 days ago user.failed_login: Originated from 171.213.55.27 丧心病狂 |
 | 84 zonyitoo 2013-11-21 22:03:33 +08:00 3 days ago user.failed_login: Originated from 41.178.213.151 3 days ago user.failed_login: Originated from 180.248.5.15 3 days ago user.failed_login: Originated from 182.253.49.250 3 days ago user.failed_login: Originated from 190.95.243.35 4 days ago user.failed_login: Originated from 201.242.72.225 4 days ago user.failed_login: Originated from 180.254.65.142 Github出事了 |
Select Language