A Brute Force Attack is the simplest method to gain access to a site or server (or anything that is password protected). It tries various combinations of usernames and passwords until it gets in. This repetitive action is like an army attacking a fort.
2. What is a Brute Force Attack?
• A Brute Force Attack is the simplest method to gain access to a site or server (or anything that is password protected).
• It tries various combinations of usernames and passwords until it gets in. This repetitive action is like an army attacking a fort.
3. How is it done?
• Every common ID (e.g. “admin”) has a password. All you need to do is try to guess the password. Simple, isn’t it?
• Well, not really!
• Say it’s a 4-digit PIN: you have 10 numeric digits from 0 to 9. This means there are 100 possibilities.
• You can figure this out with pen and paper like Mr. Bean did in the movie, Mr. Bean’s Holiday.
• But the truth is that no password in the world consists of only 4 characters.
4. How is it done?
• Say we have an alphanumeric 8-character password.
– We have 52 possible alphabetic characters (UPPER and lower case).
– Now add the numeric digits, i.e. 10.
– So, we have 62 characters in total.
• For an 8-character password, that is 62⁸, which makes 2.1834011×10¹⁴ possible combinations.
• If we attempt 218 trillion combinations at 1 try per second, it would take 218 trillion seconds or 3.6 trillion minutes, or at most, around 7 million years to crack the password.
5. Then, How Can It Happen?
• If you are interested in cracking passwords, you will have to use computers and write some basic code.
• But a normal computer won’t do. You would need a supercomputer.
– At almost 1×10⁹ attempts per second, you should be able to break an 8-character password after 22 seconds.
• Computing resources of this kind are not available to common people. But hackers are not common people.
6. That’s Scary! What to do Now?
• It is essential to have additional layers of security in order to detect and deflect any password breaching attempt.
• There are many tools available for securing different applications, which deny a user after a predefined number of attempts.
• For example, for SSH we can use Fail2ban or DenyHosts.
7. How To Prevent It?
• Take these precautionary measures to prevent attacks:
– Create a longer password.
– Use UPPERCASE and lowercase alphabets, numbers, and special characters.
– Use different passwords for different accounts.
8. Am I Safe on Cloudways?
Yes!
• Our security system is capable of identifying brute force attacks and banning IPs being used in such attacks.
• We are always at work to protect our Cloudways Platform and the servers hosted on it.