Your website is open to users worldwide, which allows anyone to keep trying to log in to your cPanel, FTP, or email over and over again until an attempt succeeds. A brute-force attack (BFA) is a hacking tactic that guesses every possible password; how long it takes depends on the length and complexity of your password. A simple password may take a few minutes to break. However, a strong password may take several months, or even years.
For example, John's email address is firstname.lastname@example.org. Hackers usually begin with simple passwords such as 1234, 1235, 1236, 1237, or abc123, abc124. Instead of doing it manually, hackers use a dictionary application containing all words, or the commonly used ones, and run the password attempts automatically. To further cut down the time spent, they may run several devices or applications concurrently.
Software that performs brute-force attacks
- Cain and Abel
- Hash Code cracker
- John the Ripper
To protect yourself against brute-force attacks:
1. Use a strong password that has numbers, uppercase and lowercase letters.
2. Change your password quarterly or yearly.
3. Use 2-Step Verification each time you log in to a new device. A security code will be sent to your phone via SMS.
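
The repeated login attempts described above leave a recognisable pattern in authentication logs, even when they are spread over several devices. The following Python example is an addition to this article, not part of the original; the log format, the five-minute window and the threshold of five failures are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data in a hypothetical log format:
# timestamp service source_ip account result
SAMPLE_LOG = """\
2024-05-01T10:00:01 cpanel 203.0.113.7 john FAIL
2024-05-01T10:00:03 cpanel 198.51.100.9 john FAIL
2024-05-01T10:00:05 cpanel 203.0.113.7 john FAIL
2024-05-01T10:00:08 cpanel 198.51.100.9 john FAIL
2024-05-01T10:00:11 cpanel 203.0.113.7 john FAIL
2024-05-01T10:00:15 cpanel 198.51.100.9 john FAIL
2024-05-01T10:02:00 email 192.0.2.44 mary FAIL
2024-05-01T10:02:20 email 192.0.2.44 mary FAIL
2024-05-01T10:02:41 email 192.0.2.44 mary OK
2024-05-01T11:00:00 ftp 192.0.2.80 bob FAIL
2024-05-01T11:40:00 ftp 192.0.2.80 bob FAIL
2024-05-01T12:20:00 ftp 192.0.2.80 bob FAIL
2024-05-01T13:00:00 ftp 192.0.2.80 bob FAIL
2024-05-01T13:40:00 ftp 192.0.2.80 bob FAIL
"""

def detect_bruteforce(log_text, window=timedelta(minutes=5), threshold=5):
    """Flag (service, account) pairs with >= threshold failures inside window."""
    # Keying on the account, not the source address, also catches guessing
    # that is spread over several devices. Window and threshold are assumed.
    recent = defaultdict(deque)   # key -> deque of (timestamp, source) failures
    alerts = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue              # skip blank or malformed lines
        stamp, service, source, account, result = fields
        if result != "FAIL":
            continue
        when = datetime.fromisoformat(stamp)
        key = (service, account)
        failures = recent[key]
        failures.append((when, source))
        while when - failures[0][0] > window:
            failures.popleft()    # drop failures older than the window
        if len(failures) >= threshold and key not in alerts:
            alerts[key] = {"at": when, "sources": sorted({s for _, s in failures})}
    return alerts

if __name__ == "__main__":
    for (service, account), hit in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{hit['at'].isoformat()} {service}/{account}: "
              f"possible brute force from {', '.join(hit['sources'])}")
```

In the sample, only the cPanel account is flagged: the two mistyped email logins and the FTP failures spaced 40 minutes apart stay under the threshold.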