Introduction to Brute Force Attacks

djbaxter

If you own a website, you need to know about brute force attacks against your site, your server, and your email server.

For Linux hosting, your first line of defense should be cPHulk Brute Force Protection, part of cPanel's security suite.

Additionally, if you run a WordPress site, you really need to install the Wordfence Security Plugin. The free version is likely sufficient for most people, but there's a Pro version as well for those who need more.

Introduction to Brute Force Attacks
Wordfence
June 14, 2017

What’s a Brute Force Attack?
Fundamentally, a brute force attack is exactly what it sounds like: a means of breaking into the back end of a website with relentless successive attempts. With a brute force attack on WordPress websites, a hacker attempting to compromise your website will attempt to break into your site’s admin area by trial and error, using thousands of possible username/password combinations. This is usually accomplished with automated software specifically designed to generate and then try countless combinations one after the other, over and over, with the aim of finding a needle-in-a-haystack combination that will let them into your WordPress admin area. From there, they can wreak havoc on your site to their hearts’ desire.

How Do Hackers Use Brute Force Attacks Against Websites?
Brute force attacks are difficult, if not impossible, to carry out manually. Instead, hackers write simple scripts, called bots, that carry out thousands of these break-in attempts against websites on auto-pilot. Typically, these bots are custom-written by the attackers and designed to be easily distributed across many hacked machines. These groups of bots, or botnets, work in conjunction with other commonly accessible tools that either generate thousands of passwords or use a wordlist. The latter is often referred to as a dictionary attack, because of its reliance on “dictionaries,” or long lists of words to try as a list of passwords and/or usernames on your website. These lists can be reused by many hackers over and over.
Read more...
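
As an added example (not part of the original post or the Wordfence article), the Python code below shows how the two patterns described above appear in a web server access log: a single source hammering `wp-login.php`, and a botnet spreading attempts across many addresses so that each one stays under a per-IP limit. The log lines, thresholds, and function names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" \d{3}')

def login_posts(log_text):
    """Yield (timestamp, ip) for every POST to wp-login.php in the log."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if (m and m["method"] == "POST"
                and m["path"].split("?")[0].endswith("/wp-login.php")):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def detect(log_text, window=timedelta(seconds=60), per_ip_limit=5,
           site_limit=15, min_sources=5):
    """Return (noisy_ips, distributed): single-source and botnet-style bursts."""
    per_ip, site = defaultdict(deque), deque()
    noisy_ips, distributed = set(), False
    for ts, ip in sorted(login_posts(log_text)):
        per_ip[ip].append(ts)
        site.append((ts, ip))
        while per_ip[ip][0] <= ts - window:  # drop attempts older than the window
            per_ip[ip].popleft()
        while site[0][0] <= ts - window:
            site.popleft()
        if len(per_ip[ip]) > per_ip_limit:
            noisy_ips.add(ip)
        # Many sources that each stay under the per-IP limit still add up site-wide.
        if len(site) > site_limit and len({src for _, src in site}) >= min_sources:
            distributed = True
    return noisy_ips, distributed

def make_line(ip, hhmmss, method="POST", path="/wp-login.php", status=200):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [14/Jun/2017:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1234 "-" "-"')

# Constructed samples using documentation-only IP ranges.
SINGLE_SOURCE = "\n".join(make_line("203.0.113.7", f"10:00:{s:02d}")
                          for s in range(0, 16, 2))
BOTNET = "\n".join(make_line(f"198.51.100.{n}", f"11:00:{n + 20 * k:02d}")
                   for k in range(2) for n in range(1, 11))
NORMAL = "\n".join([make_line("192.0.2.10", "12:00:00", method="GET"),
                    make_line("192.0.2.10", "12:00:05", status=302)])

if __name__ == "__main__":
    for name, log in [("single", SINGLE_SOURCE), ("botnet", BOTNET), ("normal", NORMAL)]:
        print(name, detect(log))
```

The botnet sample never trips the per-IP counter, which is why the site-wide count across distinct sources is tracked separately.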
 
