Brute Force Attack – A Real Website Threat


The digital landscape can be an extremely hostile place. Without the proper protection, your website (and data) is left vulnerable to a host of security threats. Brute Force Attacks are one threat that Web-Sta has recently encountered. Read on to learn more about what they are and what we’ve done about them:

  • Brute Force Attacks – a scary reality of the internet
  • What you should know about Brute Force Attacks
  • How Web-Sta dealt with a Brute Force Attack
  • Comprehensive website security by Web-Sta

A Brute Force Attack? It Sounds Scary! 

The name sounds scary, because it is!

It’s no longer just Computer Security, Firewalls, and Spam; Website Security is very much a reality of website ownership and management in today’s digital landscape.

So why the scare tactic?

Just recently, Web-Sta became a random target of what’s known in the industry as a Brute Force Attack. We wanted to share how this impacted us, and how it could have significantly impacted our clients if not for our:

  1. Fully Managed WordPress Hosting (FMWH) Activity + Monitoring Software
  2. Security-Centric + Technically-Minded Web-Sta Team; and
  3. Hosting Tech Support Crew

The great news is, we isolated, rectified, and stopped these attacks in their tracks. Having further secured our Client sites to shield / block future attack attempts, we’re now investing the time to share with you the vital importance of your website security – and how we’re focused on keeping your most valuable digital asset safe.

What is a Brute Force Attack?

To help you understand more about Brute Force Attacks, we’ve collated a series of FAQs:

  • What are they? “A brute force login attack is one of the most common (and least subtle) attacks conducted against Web applications”. Source: computerweekly.com  
  • How do they work? Without the right protection “…it’s possible for automated tools – which are readily available on the Internet – to submit thousands of password attempts in a matter of seconds (or less)…” Source: computerweekly.com. So, it’s basically automated software designed to keep guessing unique username and password combinations. The problem is, it’s fast and it doesn’t sleep, eat, or get distracted.
  • What are they for? “The aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of a user or a group of users.” Source: computerweekly.com. Using what is essentially a trial-and-error approach (as known in Cryptography), the purposes of such an attack include:
    • Obtaining login credentials
    • Compromising security
    • Gathering financial, contact or medical data
    • Uploading malicious content / code
    • A variety of other unwanted (and often illegal) activities
  • Are they illegal? “Brute-force attack is in itself not illegal, but, as with many things, can be used in a way that is illegal. You should consider any attack on a system / network for which you do not have permission as illegal.” Source: hackthis.co.uk
  • What problems can they cause? Without the right monitoring and alerts in place, here are some examples of what you could be risking:
    • Slow Page Load Speed | due to the volume of traffic on the hosting server, websites can start performing at a snail’s pace, and nobody likes a slow website
    • Compromised Data | including customer contact details from online form submissions, newsletter database, and even online shopping cart information
    • Unauthorised Access | from social media accounts and payment platforms, through to Google tracking, your website is likely tapped into several eMarketing tools that you would prefer to keep protected
    • Access to Website’s Core Files | from malicious code being installed, to a crashed website, or error messages, to a website that redirects to a completely different website – all can be lengthy and costly issues to resolve
    • Loss of Business | if your website goes down due to a security breach and performance issues, potential customers won’t be able to find you – and no customers = no leads.

Web-Sta Case Study | What Happened + How We Dealt With It

  1. Attack | it started with 1000s of attack attempts (which looked like traffic) simultaneously hitting our hosting servers.
  2. Impact | we experienced extremely slow website performance. 
  3. Response | as a protection mechanism, our server intentionally slowed performance on some of our large client sites to stop itself from shutting down. 
  4. Result | while this protection protocol stopped sites from crashing (which is great news), it unfortunately flows into poor user experience with slow page load times and, if left unattended for too long, can have an impact on Google ranking plus sales and enquiries (the not so great news).

WordPress Website Security | We’ve Got Your Back!

You’ve possibly come across a “You’ll be logged out after three failed login attempts” message. This is actually one of the many security measures employed to prevent unwanted access to your digital platforms. Here are some other processes we’ve added to further lock down and protect your greatest digital asset.

  • Progressive Delays | in the event of an attack attempt on your Web-Sta Hosted WordPress website, specialist software (added by us) triggers certain red flags, and your website will block the recognised IP address for up to 2 months. This significantly reduces the traffic load on your hosting and further protects your website.
  • Challenge-Response | a prime example of this is an online form reCAPTCHA requiring the user to enter a word, solve a math problem, or correctly respond to a visual challenge to ensure the user is, in fact, a person. 
  • Strong Passwords | we’ve always been advocates for strong passwords. On occasion, our systems will force you to update your password to something more secure, and therefore harder for hackers of the human and digital varieties to guess. According to Wikipedia, “Longer passwords, passphrases and keys have more possible values, making them exponentially more difficult to crack than shorter ones.” 
  • Security Monitoring | for our valued clients, we like to keep things transparent. We send a monthly Fully Managed WordPress Hosting Report that includes the details of our ongoing security monitoring.
  • Security Software | we partner with Wordfence… leaders in WordPress website protection.
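
To make the failed-login limit and the progressive blocking described above concrete, here is an added sketch (not Web-Sta's or Wordfence's code) that reads web-server access-log lines, counts failed WordPress logins per IP address, and issues blocks that double on each repeat offence up to a 60-day cap. The threshold, window, first block length and sample log lines are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 3                        # failures tolerated inside WINDOW (assumed)
WINDOW = timedelta(minutes=5)        # assumed sliding window
FIRST_BLOCK = timedelta(minutes=15)  # assumed length of the first block
MAX_BLOCK = timedelta(days=60)       # cap, roughly the "up to 2 months" above
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

class ProgressiveBlocker:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> recent failure times
        self.offences = defaultdict(int)    # ip -> blocks issued so far
        self.blocked_until = {}             # ip -> end of current block
    def is_blocked(self, ip, now):
        return now < self.blocked_until.get(ip, now)
    def failed_login(self, ip, now):
        """Record a failure; return the block length if it triggers a block."""
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:      # drop failures outside the window
            recent.popleft()
        if self.is_blocked(ip, now) or len(recent) < THRESHOLD:
            return None
        # Double the block on each repeat offence; exponent capped to avoid overflow.
        length = min(FIRST_BLOCK * 2 ** min(self.offences[ip], 13), MAX_BLOCK)
        self.offences[ip] += 1
        self.blocked_until[ip] = now + length
        return length

def scan(lines):
    """Feed access-log lines to a blocker; return [(ip, block_length), ...]."""
    blocker, events = ProgressiveBlocker(), []
    for m in filter(None, map(LINE.match, lines)):  # malformed lines are skipped
        ip, ts, method, path, status = m.groups()
        # Assumption: a POST to wp-login.php answered with 200 is a failed login
        # (WordPress answers a successful login with a 302 redirect).
        if method == "POST" and path.startswith("/wp-login.php") and status == "200":
            now = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            length = blocker.failed_login(ip, now)
            if length:
                events.append((ip, length))
    return events

# Constructed sample: documentation-range IPs, three failures then one success.
FMT = '{} - - [10/Mar/2024:12:00:{:02d} +0000] "POST /wp-login.php HTTP/1.1" {} 512'
SAMPLE = [FMT.format("203.0.113.7", s, 200) for s in (1, 2, 3)]
SAMPLE.append(FMT.format("198.51.100.9", 30, 302))
```

Calling `scan(SAMPLE)` flags only the address with three failures inside the window; the single successful login from the other address is ignored.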

Brute Force Attacks | Just the Beginning…

This Blog only really skims the surface of the severe impact of Brute Force Attacks and website security, as well as the importance of the systems and procedures required to monitor and manage this on your behalf.

We trust it brings to light just how important it is to ensure you have diligent website hosting to cover your bases – including the right hosting provider, the right protection security, and the right back-ups if and when required.
