Battle against brute force attacks #HackerSeries

brute force attacks

As a website owner, you would be forgiven for feeling like you’re being attacked from all angles. The reality is that you probably are! Even small websites and blogs are subjected to bot-driven attacks – heck, right here at Netshock we have blocked over 2,000 malicious login attempts over the last few months.

One such way to login to a system that you’re not authorised to access is to use a hacking technique referred to as a ‘brute force attack’. These use computer generated scripts to randomly create tens of thousands of passwords, in the hope that one of them will be correct and that access will be granted.

This is very similar to how you might try logging into your friends phone (to set an embarrassing background image). You would randomly try passwords, in the hope that one of them would be right and that you’d be granted access to your friends device.

Stopping brute force atacks

These attacks are a lot easier to spot than many other types of hack as they can cause thousands of password requests for a single user and you can systematically program in responses to help protect your application

Firstly, you can simply limit login attempts. What this means is that after a certain number of incorrect passwords, the system will lock your account and won’t let you login for a set period of time.

Alternatively, after a certain number of failed login attempts, you can request that the user fills out one of those annoying captcha forms that ‘prove you’re human’. This should stop most bots in their tracks!

At a more technical level, you could even enable multi factor authentication. What this means is the user will login with their usual username and password. Upon successful authentication, the user will receive a text message to their mobile phone, which includes a secret code. The user will not be granted access to the system until they type their username, password and secret code into the system.

This article was brought to you by Netshock. We are the business technology blog that covers IT security, web development, app development and more great topics. If you would like to ask us a question, please do so in the comments.

Image used under creative commons

Tagged under:

2 Comments

  • Jeremy

    I have never heard of brute force attacks but it is good to know now! Very useful tips and knowledge, thanks for sharing.

  • Danny

    I have heard about these attacks before, but I still did not know much. This post helped me fill in the gaps of what I did not already know regarding “brute force attacks” and I will definitely be reading some of your other posts for more information!

Comments are closed.