Online crime or cyber crime occurs every 24 hours. Among these actions, brute force is one that needs to be watched out for.
What is a brute force attack, an attack that supposedly takes advantage of website security weaknesses? Then, how can you protect a website so you don’t become a victim of it?
In this article, we will explain it in detail. So, let’s start with the definition of brute force first.
What is Bruce Force Attack
Brute force is an attempt to gain access to an account by guessing the username and password used.
Brute force attack is actually an old technique in cybercrime. However, it is still widely used because it is considered effective.
Is a brute force attack only concerned with getting usernames or passwords only?
At first it was. But that was only the first step of the attack method. The main purpose of brute force is to access websites, servers that store various information and other important assets.
After entering the system, hackers can control your website to steal data. As a result of these brute force attacks, it will certainly harm you, right?
6 Methods Brute Force Attack
In practice, hackers try to use several methods to perform a brute force attack. What are the methods?
1. Simple Method
Simple brute force is the simplest method of this cyber crime action. So, the hacker will just guess the password on the target account that is already owned.
Undoubtedly, the brute force approach combined with trial and error frequently succeeds. Particularly on systems with no login restrictions and accounts with weak passwords.
Either manually or automatically, hackers can try as many username and password combinations as possible in simple brute force.
The fatal mistake of most users is to use default passwords such as “1234” or “password”.
2. Dictionary Method
Slightly more sophisticated than the simple method, the dictionary method (dictionary attack), hackers have prepared a set of passwords.
In some cases, hackers do research first according to the target. So, instead of just guessing, hackers use the most likely keyword combinations to be used.
Later, the hacker will start erasing password combinations that have been tried and failed. With the dictionary attack method, hackers become more efficient in carrying out their actions.
3. Reverse Bruce Force Attacks
Reverse brute force is a method that is the opposite of simple brute force. So, the hacker starts from a password he already has, then tries to match it with his username.
Reverse brute force attack cannot be taken lightly. Because, if there are users who happen to use the same password (default), then there will be many accounts that can be hacked at once.
4. Hybrid Method
Hybrid brute force attacks are brute force attacks that combine simple and dictionary methods.
So, hackers don’t just prepare a combination of usernames and passwords. More than that, hybrid brute force will utilize numbers or letters that are considered potential. For example “password123”.
5. Credential Method
As the name implies, this brute force attack technique tries to match usernames and passwords from one account to another.
The idea of credential stuffing is that with the same username and password combination, hackers try to get different accounts for different services. So, in one breach, many services or platforms can be controlled.
6. Rainbow Table Method
The rainbow table method is the most unique brute force attack method.
The hacker doesn’t guess the password, but decrypts the hash protection — the encryption result of a password. This method is more likely to provide an accurate password.
6 Steps to Prevent Bruce Force Attack
1. Make Strong Password Combination
If you are still using the password “123456” or date of birth, immediately change the password because it is too common and easy to guess. Hackers will find it easy to attack in a short time.
How to make a strong password? Combine capital letters, lowercase letters, symbols and non-order numbers. Don’t forget to create a password of at least 8 characters.
The stronger your password, the more difficult it will be for hackers to guess the password.
2. Setting Login Limits
The login limit will limit how many login attempts can be made. This is quite helpful in avoiding attacks. Because, after several attempts, the login will be locked for some time.
Say, you set a limit of 5 logins. So, after failing to login 5 times on the your website, the account will be locked and it will take time to try another combination of username and password.
This of course complicates the hacking attempt as it will take much longer.
The login limit gives you the freedom to set the level of security: how many attempts are made or how long the login is locked.
3. Use CAPTCHA
To secure websites from brute force attacks, you can use captcha (Completely Automated Public Test to Tell Computers and Humans Apart).
This system will help ensure that logins are performed by authorized users, not by a computer program designed by hackers to break into the system.
With an active captcha, when logging in, you not only fill in your username and password, but also the captcha. Captchas can only be understood by human visuals. So the robot / computer program will not be able to know the contents.
4. Use Two Factors Authentication
Two Factor Authentication (2FA) is an effort to prevent brute force attacks by using confirmation from other devices. So, authentication is required twice to be able to log in with your account, namely a password and a special code.
With 2FA enabled, you’ll get an authentication code every time you log in. Usually you will receive the code via your phone number or email.
The advantage of using 2FA is that you will get information about any login activity that has been carried out. Also, without your code, no one can continue login attempts.
5. Use Cloudflare
CloudFlare is a security service to protect websites, including from brute force attacks. With CloudFlare, users can make settings to restrict login pages and check browser integrity.
6. If Your are Using WordPress, You can Change Your URL WordPress Login
To login to WordPress, the URL used is www.websitename.com/wp-admin. This default URL is often used by hackers to carry out attacks.
If you change the login URL it will be more difficult for hackers to try to guess the password. How to change it?
You only need to install and activate the All in One WP Security & Firewall plugin. Once active, select the Brute force menu.
Enter the new login URL you want in the Login Page URL field. Then tick check this if you want to enable the rename login page feature and click Save Settings.
Your Security is Our Main Priority!
Website security must always be prioritized to prevent hacker attacks. You have learned what brute force is that harms websites.
This crime action allows hackers to freely control websites, damage business reputation, and access servers to steal important data.
Even though a brute force attack is quite dangerous, this attack can still be prevented. We have discussed it above in full. Starting from creating complex passwords, activating two factor authentication, etc.
In addition, pay attention to the protection of your web hosting service. At HostForLIFE.eu, we do have installed Anti Virus/Malware, periodically scanning our server, and also do periodically server update to increase website security.