
Brute Force Attack


  • Brute Force Attack

    What is a Brute Force Attack? How to Block It?

  • #2
    Hello Crystal,

    Brute-force is a process of guessing your password by using combinations of letters, numbers, and symbols. Some of the brute-force attacks use dictionaries of commonly used passwords to speed up the process of guessing passwords.

    Protect yourself from such attacks by choosing an appropriate username and password. Do not use common names for your username. Try to keep them as complicated as possible and include numbers, special characters, upper-case and lower-case letters. You also get free password generators that create long and strong passwords for you to use. Use a password vault / password manager if you have issues remembering long passwords.

    In case you detect a brute-force attack against your site (you will get a huge amount of failed login attempts in your log), you can block the attacker's IP address from accessing your site completely. To do that, simply add the following line to your .htaccess file:

        deny from 123.123.123.123

    Replace 123.123.123.123 with the actual IP address of the hacker. Also, you should restrict the admin areas of your site only for your address. For WordPress, use your 'wp-admin' folder. For Joomla, you'll need to protect the 'administrator' directory. It is recommended to restrict the admin areas even if there is no attack against your site. The actual .htaccess rules you need to place in those folders are:

        deny from all
        allow from 222.222.222.222

    Replace 222.222.222.222 with your IP address. To find out what your IP is, you can use one of the many sites providing that information.

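An added example, not part of the posts in this thread: one way to find the failed login attempts post #2 describes and turn them into `deny from` lines. It assumes an Apache combined-format access log and a WordPress login at `/wp-login.php`; the threshold, the allowlist parameter and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/wp-login.php"   # assumption: WordPress login endpoint
THRESHOLD = 5                  # assumption: failures before an IP is listed


def failed_logins(lines):
    """Count failed login POSTs per client IP."""
    # Assumption: a failed WordPress login re-renders the form (HTTP 200),
    # while a successful one redirects (HTTP 302).
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == LOGIN_PATH and m["status"] == "200":
            counts[m["ip"]] += 1
    return counts


def htaccess_rules(counts, threshold=THRESHOLD, allowlist=()):
    """Return 'deny from' lines for IPs at or over the threshold."""
    return [f"deny from {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allowlist]


# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2023:13:55:{s:02d} +0000] '
    f'"POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/8.0"' for s in range(8)
] + [
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:13:56:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:57:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("\n".join(htaccess_rules(failed_logins(SAMPLE_LOG))))
```

Pass your own address in `allowlist` so a few mistyped passwords never put you on the deny list.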


    • #3
      Hello,

      A hacker launches a brute force attack by trying to guess the user ID and password to enter your system. If successful, he can get access to the confidential information or administration tools used by the System Administrator and can modify, delete, add web application content, and can also do other malicious things that can harm your business/data.

      A few of the ways to prevent this attack are:

      Make sure the passwords are a little more complex.
      Return a consistent error message for failed logins. Don't give hints to hackers with verbose error messages!
      One common way developers do this is to implement a security control called a captcha.
