What Is A Brute Force Attack & How We Stop Them


The digital landscape can be an extremely hostile place. Without the proper protection, your website (and data) is left vulnerable to a host of security threats. Brute Force Attacks are a real threat and happen often. Read on to learn more about what they are and what we’ve done to minimise the risk.

  • Brute Force Attacks – a scary reality of the internet
  • What you should know about Brute Force Attacks
  • How Web-Sta deal with Brute Force Attacks
  • Comprehensive website security by Web-Sta

A Brute Force Attack? It Sounds Scary! 

The name sounds scary, because it is!

It’s no longer just Computer Security, Firewalls, and Spam; Website Security is very much a reality of website ownership and management in today’s digital landscape.

So, why the scare tactic?

Every day, websites become random targets of what’s known in the industry as a Brute Force Attack. We wanted to share how this can impact you and your business.

What is a Brute Force Attack?

To help you understand more about Brute Force Attacks, we’ve collated a series of FAQs:

  • What are they? “A brute force login attack is one of the most common (and least subtle) attacks conducted against Web applications”. Source: computerweekly.com  
  • How do they work? Without the right protection “…it’s possible for automated tools – which are readily available on the Internet – to submit thousands of password attempts in a matter of seconds (or less)…” Source: computerweekly.com. So, it’s basically automated software designed to keep guessing unique username and password combinations. The problem is, it’s fast and it doesn’t sleep, eat, or get distracted.
  • What are they for? “The aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of a user or a group of users.” Source: computerweekly.com. These attacks use what is essentially a trial-and-error approach (as it is known in cryptography), and their purposes vary, including:
    • Obtaining login credentials
    • Compromising security
    • Gathering financial, contact or medical data
    • Uploading malicious content / code
    • And a variety of other unwanted (and often illegal) activities
  • Are they illegal? “Brute-force attack is in itself not illegal, but, as with many things, can be used in a way that is illegal. You should consider any attack on a system / network for which you do not have permission as illegal.” Source: hackthis.co.uk
  • What problems can they cause? Without the right monitoring and alerts in place, here are some examples of what you could be risking:

    • Slow Page Load Speed | due to the volume of traffic on the hosting server, websites can start performing at a snail’s pace, and nobody likes a slow website
    • Compromised Data | including customer contact details from online form submissions, newsletter database, and even online shopping cart information
    • Unauthorised Access | from social media accounts and payment platforms, through to Google tracking, your website is likely tapped into several eMarketing tools that you would prefer to keep protected
    • Access to Website’s Core Files | from malicious code being installed, to a crashed website or error messages, to a website that redirects to a completely different website – all can be lengthy and costly issues to resolve
    • Loss of Business | if your website goes down due to a security breach and performance issues, potential customers won’t be able to find you – and no customers = no leads.

What Happens to my Website if it’s being Attacked?

  1. Attack | it generally starts with 1000s of attack attempts, which look like traffic in the eyes of your website hosting. They simultaneously hit your website as the attack cycles through 1000s of username and password combinations in an attempt to access your site.
  2. Impact | extremely slow website performance is usually the first thing you’ll notice. This is because of what your hosting company is trying to do to cope with so much traffic.
  3. Hosting | generally, as a protection mechanism, your website hosting will intentionally slow its performance. This helps make it harder (take longer) for the attacks to succeed and it helps prevent your hosting from reaching its traffic limits and shutting down. 
  4. Result | while this protection protocol can stop your site from crashing (which is great news), it unfortunately flows into poor user experience with slow page load times for legitimate users.

If left unattended for too long, poor website performance will have a negative impact on your Google ranking, trickling through to impact the overall effectiveness of your website at attracting leads.

WordPress Website Security | We’ve Got Your Back!

When typing in your password, you’ve possibly come across a “You’ll be locked out after three failed login attempts” message. This is actually one of the many security measures employed to prevent unwanted access to any digital platform.

Not only do we ensure this is in place on the backend of your website, here are some other safety protocols we include to further lock down and protect your greatest digital asset.

  • Progressive Delays | specialist software raises certain “red flags”. When this happens, your website blocks the recognised IP address for up to 2 months. This significantly reduces the traffic load on your hosting and further protects your website.
  • Challenge-Response | a prime example of this is an online form reCAPTCHA requiring the user to enter a word, solve a math problem, or correctly respond to a visual challenge to ensure the user is, in fact, a person. 
  • Strong Passwords | we’ve always been advocates for strong passwords. On occasion, our systems will force you to update your password to something more secure, and therefore harder for hackers of the human and digital varieties to guess. According to Wikipedia, “Longer passwords, passphrases and keys have more possible values, making them exponentially more difficult to crack than shorter ones.” 
  • Security Monitoring | for our valued clients, we like to keep things transparent. We send a monthly Fully Managed WordPress Hosting Report that includes the details of our ongoing security monitoring.
  • Security Software | we partner with Wordfence, leaders in WordPress website protection, installing it on every WordPress website we build and manage.
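
The lockout and IP-blocking measures above, as an added example (not Web-Sta’s or Wordfence’s code): a per-IP tracker that blocks after three failed logins and doubles the block on each repeat, capped at the two months mentioned above. The five-minute counting window, the 15-minute first block and the sample addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                     # "three failed login attempts" (from the text)
MAX_BLOCK = timedelta(days=60)       # "up to 2 months" (from the text)
WINDOW = timedelta(minutes=5)        # assumption: window for counting failures
FIRST_BLOCK = timedelta(minutes=15)  # assumption: length of the first block

class LoginThrottle:
    """Counts failed logins per IP and blocks with escalating durations."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.strikes = defaultdict(int)     # ip -> blocks issued so far
        self.blocked_until = {}             # ip -> time the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        return until is not None and now < until

    def record(self, ip, success, now):
        """Process one attempt; returns 'blocked', 'ok' or 'failed'."""
        if self.is_blocked(ip, now):
            return "blocked"                # refused even if the password is right
        if success:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:
            recent.popleft()                # forget failures outside the window
        if len(recent) < MAX_FAILURES:
            return "failed"
        # Double the block for each repeat offence, capped at two months.
        doublings = min(self.strikes[ip], 20)   # bound the exponent
        self.strikes[ip] += 1
        self.blocked_until[ip] = now + min(FIRST_BLOCK * 2 ** doublings, MAX_BLOCK)
        recent.clear()
        return "blocked"

def replay(events):                         # events: (time, ip, success) tuples
    throttle = LoginThrottle()
    return [throttle.record(ip, ok, ts) for ts, ip, ok in events]
# Constructed sample: one noisy address and one user who mistypes once.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [(T0 + timedelta(seconds=s), ip, ok) for s, ip, ok in [
    (0, "203.0.113.7", False), (1, "198.51.100.20", False),
    (2, "203.0.113.7", False), (3, "203.0.113.7", False),
    (4, "198.51.100.20", True), (5, "203.0.113.7", True)]]
```

Calling `replay(SAMPLE)` shows the user who mistypes once still getting in, while the blocked address is refused even when it finally submits a correct password.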

Brute Force Attacks | Just the Beginning…

This Blog only really skims the surface of the severe impact of Brute Force Attacks and website security, as well as the importance of the systems and procedures required to monitor and manage this on your behalf.

We trust it brings to light just how important it is to ensure you have diligent website hosting to cover your bases – including the right hosting provider, the right protection security, and the right back-ups if and when required.

 

Don’t Wait for a Brute Force Attack to Hit Your Website

Contact Web-Sta to ensure your website hosting is safe and secure.
