How Does the Bruteforce of PHPSESSID Attack Affect You?
1. How Does the Bruteforce of PHPSESSID Attack Affect You?
However, for an attacker on the prowl, you become an easy target of an attack and the
attacker can go into the website masquerading as you. In technical jargon, the way the
attacker learns of your username and passwords to impersonate you is Bruteforce of
PHPSESSID or session fixation.
What Happens During The Attack?
During session fixation, an attacker snooping around can get a valid session ID from an
application. The attacker then forces the application to use the same session ID. He usually
does this by sending the victim a link to a website with the session ID attached to the URL.
Once the victim uses the link, the attacker uses the information to guess the username and
password of the user, and the website the user was visiting. It is then easy for the attacker to
impersonate the user.
On the server side, the PHP framework issues a session token when a client session is
started. The token comprises a lot of information such as the IP Address of the client, current
time in seconds and microseconds, a combined php lcg sample and optionally additional
information (entropy) from available sources.
Even though the PHP string is a big string and MD5 encrypted, the session ID string follows
a definite pattern, with parameters such as the IP address and the php_combined_lcq at
specific places. To generate the actual values by guessing them would take a lot of effort by
ordinary means and this where the brute force technology comes in. The attacker
systematically tries every possible combination of symbols, letters and numbers until he
discovers the one correct combination that works.
However, depending on the length of the password used, the number of permutations and
combinations could be extremely huge to be of practical use and it may take the attacker
years to find one password. Attackers therefore use dictionary words, wordlists and smart
rulesets to start with, and this could be put all accounts at risk by flooding your site with
unnecessary traffic.
What Is The Harm Caused By Such Attacks?
An attacker trying to guess username and passwords may send a huge number of requests
to the server, flooding the server with traffic and causing a denial of service to the authentic
users.
Once he gains entry into a vulnerable user account, not only can the attacker steal sensitive
information from the account, he can also plant malware that may compromise other
accounts as well.
2. Using the compromised server, the attacker can turn it into a zombie and attach it to his
botnet to create further attacks that are more powerful.
How Can Such Attacks Be Prevented?
Usually some very effective mechanisms are used to prevent such attacks. One is to login
the user only from a certain IP address. If there is a change in the IP address during a login
session, another level of authentication of secret questions is used to identify if the user is
genuine. Therefore, even if the attacker has managed to guess the username and password
by the brute force method, there is another deterrent to gain access.
Other effective methods used are:
·Assigning unique login URLs to a section of the users in blocks
·Preventing automatic attacks by using CAPTCHA
·Place the attacked account in a lockdown mode with limited capabilities
james scott princeton corporate solutions