What is a Brute Force attack?
In simple terms, a Brute Force attack is an automated software hack that attempts usernames and passwords over and over, until it can get in.
Recently there has been an increase in the use of Brute Force attacks against Joomla! websites.
From a website owner's perspective, a Brute Force attack has a couple of effects:
- Your website will become really slow.
- It is likely your bandwidth usage will skyrocket.
But why? My website isn't that interesting!
Websites are usually hacked either to get hold of valuable data, or as a means of getting to the server. Or, according to this article, it could be for one of these reasons:
- People bored with nothing better to do.
- Political agenda.
- You've irritated somebody.
- You're in competition with each other.
So what can we do to stop it?
There are a number of preventative measures we can attempt, including:
- Don't use the admin username (we don't).
- Choose good passwords. This is usually the weakest link in the chain. If you use a word commonly found in a dictionary, it can be guessed by these programs fairly easily. (And if your password is in this list, we recommend you change it asap!)
- Change your /administrator URL. (We now do this for all Joomla!3x websites.)
- Install a plugin to secure your /administrator area. (We now do this for all Joomla!3x websites.)
For more information about Brute Force attacks and secure passwords, we recommend: