Brute Force and How to Prevent It

What is Brute Force?

A brute force attack is an attempt by hackers to break into a website by cracking the website's password.

A brute force attack can happen to any website, whether it belongs to an individual or a company. In addition, brute force is not limited to websites; it also applies to systems in general, such as servers.

The motives or goals of these attacks can vary: stealing important information, impersonating the original owner, sending phishing links, or spreading fake content in order to damage the reputation of an individual's or a business's website.

One of the worst motives for a brute force attempt is to break into the data of a particular bank or financial institution to commit theft. But regardless of the motive, brute force is detrimental to the victim and should be prevented wherever possible.


Brute Force Attack Method

In performing a brute force attack, hackers can use certain methods. Here are some methods that can be used in launching a brute force attack.

1. Simple Brute Force Attack

This method is the easiest and most commonly used by hackers, as it does not require any special logic or equipment. The hacker simply guesses the password used on the target account. The guessing process is repeated until the right password is found.

This method is possible on websites that do not limit the number of logins.

2. Dictionary Attack

It's the same as the simple method above, except that in this dictionary method, hackers first create a list of passwords that might be used.

Hackers will try these passwords one by one and eliminate the ones that have been tried and failed. This makes the attack more efficient.

3. Hybrid Brute Force Attacks

This method is a combination of the previous two methods. Hackers start the attack with a collection of passwords built according to patterns that often succeed, for example passwords based on a date of birth.

After that, the attack continues with the simple method to generate several possible variations.

4. Rainbow Table Attacks

This method is quite complicated. The hacker does not make the guessing attempts described earlier but instead tries to reverse the cryptographic hash of the password.

Simply put, hackers take the hashed form of the password, a string of characters of a certain length, and find the password from there. The password accuracy of this method can be better than the previous method.

5. Reverse Brute Force Attack

Hackers use a common password or password collection against many possible usernames. The target of this brute force attack method is a network of users whose data has been obtained by hackers before.

6. Credential Stuffing

This method is used when hackers have already obtained a matching username and password for one account. They then use that information to break into other accounts or services. This practice works because many people use the same password for various services.

Hackers can use one, some or even all of the above methods to get the username and password of a website or other system. Therefore, before anything bad happens, we must know how to prevent brute force attacks.

How to Prevent Brute Force

No one wants their accounts to be breached by irresponsible parties, and neither do you, right? There are several ways to prevent this from happening.

1. Create a Complex or Hard-to-Guess Password

Many people choose to use simple passwords with the aim of being easy to remember, but the danger is that these passwords will also be easily guessed.

If you want to avoid brute force attempts, you should create difficult passwords such as combining letters with numbers, symbols and/or using a variety of lowercase and capital letters.

2. Limit Logins to Your Website

From what we wrote earlier, one of the brute force methods is to guess possible passwords and try them out. Therefore, a simple way to prevent brute force is to limit the number of logins to your website.

There are many ways to do this. If your website is built with WordPress, you can use plugins like Loginizer and the like. It's even better if you build your website on a hosting server with security tools like Imunify360.

3. Use Captcha

Captcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Simply put, it is a system tasked with ensuring that the login is performed by a human user and not by a computer program or bot that hackers use to break into the system.

When the captcha is active, logging in with your username and password is not enough; you must also solve the captcha.

4. Changing the Login URL on the Website

Websites created with a CMS (Content Management System) like WordPress generally use a default login URL. Hackers can access the login page to perform brute force attacks. Therefore, changing the login URL will minimize the possibility of the website becoming the target of a brute force attack.

5. Use Two Factor Authentication

Two Factor Authentication (2FA) does make the login step more complicated. This method requires confirmation on another device for the login process to succeed. As a result, you do have to authenticate twice, but in return your website is harder to hack because hackers don't have access to the device.

The 2FA validation or confirmation process can be done through a phone number, email or even an application installed on your computer or mobile device.

6. Monitor Logs and Routinely Change Passwords

Another way you can prevent brute force is by diligently monitoring your website or system logs. Pay attention to whether there are login attempts that you don't recognize. If there are, it would be better to change your password.

However, even if you don't see any, changing your password on a regular basis is worth a try so that you can avoid being breached. But make sure the password you create is not easy to guess.
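To make the log monitoring above concrete, here is an added example (not part of the original article) that scans login records for the patterns this page describes: repeated guessing against one account, one source trying many usernames, and a successful login that follows a run of failures. The log format, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a made-up log format (an assumption; adapt LINE to your logs).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z login result=fail user=admin ip=203.0.113.7
2024-05-01T10:00:02Z login result=fail user=admin ip=203.0.113.7
2024-05-01T10:00:03Z login result=fail user=admin ip=203.0.113.7
2024-05-01T10:00:04Z login result=fail user=admin ip=203.0.113.7
2024-05-01T10:00:05Z login result=ok user=admin ip=203.0.113.7
2024-05-01T10:05:00Z login result=fail user=alice ip=198.51.100.9
2024-05-01T10:05:01Z login result=fail user=bob ip=198.51.100.9
2024-05-01T10:05:02Z login result=fail user=carol ip=198.51.100.9
2024-05-01T10:20:00Z login result=fail user=dave ip=192.0.2.10
2024-05-01T10:20:09Z login result=ok user=dave ip=192.0.2.10
"""

LINE = re.compile(
    r"^(?P<ts>\S+) login result=(?P<result>fail|ok) user=(?P<user>\S+) ip=(?P<ip>\S+)$")

def analyse(log_text, per_user=4, users_per_ip=3):
    """Return findings for one slice of log (for example, the last hour)."""
    fails_by_user = defaultdict(int)     # simple / dictionary guessing
    users_by_ip = defaultdict(set)       # reverse brute force: many usernames
    fails_by_ip_user = defaultdict(int)  # failures preceding a success
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a login record
        user, ip = m["user"], m["ip"]
        if m["result"] == "fail":
            fails_by_user[user] += 1
            users_by_ip[ip].add(user)
            fails_by_ip_user[(ip, user)] += 1
        elif fails_by_ip_user[(ip, user)] >= per_user:
            # The guessing may have worked: change this password.
            findings.append(("success_after_failures", user, ip))
    findings += [("password_guessing", u, n)
                 for u, n in fails_by_user.items() if n >= per_user]
    findings += [("many_usernames_from_one_ip", ip, len(users))
                 for ip, users in users_by_ip.items() if len(users) >= users_per_ip]
    return findings
```

A single mistyped password, like the `dave` entry in the sample, stays below both thresholds and produces no finding.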

