The number of stored hashes on md5.rednoize.com has made a large jump in the last few days. The site in the Google cache (dated 30 Aug 2006 19:49:32 GMT) counts 5,531,616 MD5 strings.
The actual count is about 6,363,467.
The IP 24.141.55.x has added about 400,000 plain text strings to the database.
It started (21 Aug 2006 12:27:50) with “3QOOk28N” and “NtIDSzQ7”, then went over to dictionary words like “codex”, “hazard”, “strength”, to finally end the mass attack with “Zyzzogeton” (whatever this is supposed to mean) on 02 Sep 2006 06:57:45. For more than ten days the server had a somewhat higher load than usual thanks to this guy (although I did not recognize it before yesterday).
In contrast to the “donor of hashes” mentioned above, the IP 195.114.42.x has requested clear text strings for about 53,800 MD5 hashes. The attack started on 02 Sep 2006 04:27:24 and lasted until 12:49 the same day. 53,800 queries in 8 hours is a good score.
So, in reaction to this abuse, the web site sleeps some milliseconds with each query from now on.
Normal users should not be affected by this, but these mass query scripts should be slowed down, at least a little bit.
Actually I do not have anything against such mass queries to my server. However, the other services running on the machine should not be impaired.
Conclusion: Thanks to the donor, shame on the leecher.
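The per-query sleep described above, as an added Python example (not the site's own code): every query pays a fixed base delay, and, going beyond what the post describes, a client that exceeds an allowance within a time window pays a growing, capped extra delay. All names, thresholds and the client address are constructed for illustration.

```python
import time
from collections import defaultdict, deque


class QueryThrottle:
    """Delay applied before a lookup is answered, tracked per client address."""

    def __init__(self, base_delay=0.05, step=0.01, max_delay=2.0,
                 free_queries=20, window=60.0,
                 clock=time.monotonic, sleep=time.sleep):
        self.base_delay = base_delay      # fixed sleep every query pays
        self.step = step                  # assumed extra per query over the allowance
        self.max_delay = max_delay        # cap so a request is never held for long
        self.free_queries = free_queries  # queries per window at base delay only
        self.window = window              # seconds of history kept per client
        self.clock, self.sleep = clock, sleep
        self._seen = defaultdict(deque)   # client -> timestamps of recent queries

    def delay_for(self, client):
        """Record one query from `client` and return the delay it should get."""
        now = self.clock()
        seen = self._seen[client]
        while seen and now - seen[0] > self.window:
            seen.popleft()                # forget queries older than the window
        seen.append(now)
        excess = max(0, len(seen) - self.free_queries)
        return min(self.max_delay, self.base_delay + excess * self.step)

    def wait(self, client):
        delay = self.delay_for(client)
        self.sleep(delay)
        return delay


def simulate(queries, gap, client="198.51.100.7"):
    """Total seconds slept by one constructed client sending `queries`
    sequential lookups `gap` seconds apart, measured on a fake clock."""
    now = [0.0]
    def fake_sleep(seconds):
        now[0] += seconds
    throttle = QueryThrottle(clock=lambda: now[0], sleep=fake_sleep)
    total = 0.0
    for _ in range(queries):
        total += throttle.wait(client)
        now[0] += gap
    return total


if __name__ == "__main__":
    print("occasional user, 5 queries:", round(simulate(5, 10.0), 2), "s")
    print("mass script, 1000 queries: ", round(simulate(1000, 0.0), 2), "s")
```

In a long-running service the per-client table also needs eviction of idle clients, which this example leaves out.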