What are “Brute Force” attacks
Vulnerable computer systems and applications:
Website Content Management Systems (CMS), email and other publicly available information systems.
Description:
“Brute force” attacks are attempts to guess a user’s login credentials by submitting random character sequences and commonly used combinations. A variety of software tools automate this and, depending on the security level of the target system, can make up to several thousand guesses per minute. Getting into the system is easy if the login name is known and the account’s password is simple or very similar to the login name.
Recommendations:
- Use strong passwords with random uppercase and lowercase letters and numbers;
- Do not use birth date, name, nickname, or other words that are easy to guess in your password;
- Do not use well-known paths (/admin, /cms, /wp-admin, etc.) for the login page;
- Use CAPTCHA images to hinder automated attacks;
- Restrict access to the website CMS to the internal corporate network or to specified IP addresses (e.g. using a .htaccess file);
- Limit the number of failed login attempts allowed within a certain time interval; once it is exceeded, temporarily block the guessing IP address from connecting or temporarily lock the account.
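The last recommendation, a failure counter over a time window with a temporary block, implemented as an added example (not code from the original advisory). The thresholds and the auth events are constructed assumptions chosen to show a block being triggered, a correct password being refused while the block lasts, and old failures ageing out of the window.

```python
# Added example: sliding-window lockout of a source IP after too many failed logins.
from collections import defaultdict, deque

MAX_FAILURES = 5      # failures tolerated inside one window (assumed policy)
WINDOW = 60           # window length in seconds
BLOCK = 900           # seconds an offending IP stays blocked

# Constructed sample auth events: (unix_time, client_ip, outcome)
SAMPLE_EVENTS = [
    (1000, "198.51.100.7", "fail"),
    (1005, "198.51.100.7", "fail"),
    (1010, "198.51.100.7", "fail"),
    (1015, "203.0.113.9", "fail"),
    (1020, "198.51.100.7", "fail"),
    (1025, "198.51.100.7", "fail"),
    (1030, "198.51.100.7", "fail"),     # 6th failure within 30 s -> blocked
    (1035, "198.51.100.7", "success"),  # correct password, but refused while blocked
    (1200, "203.0.113.9", "fail"),      # its earlier failure has aged out of the window
    (1930, "198.51.100.7", "success"),  # block has expired (1030 + 900) -> allowed
]

class LoginGuard:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW, block=BLOCK):
        self.max_failures, self.window, self.block = max_failures, window, block
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> unix time at which the block lifts

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def record(self, ip, outcome, now):
        """Apply the policy to one event; return 'blocked', 'allowed' or 'rejected'."""
        if self.is_blocked(ip, now):
            return "blocked"                 # refuse even a valid login while blocked
        if outcome == "success":
            self.failures.pop(ip, None)      # a genuine login clears the counter
            return "allowed"
        q = self.failures[ip]
        q.append(now)
        while q and q[0] <= now - self.window:   # drop failures older than the window
            q.popleft()
        if len(q) > self.max_failures:
            self.blocked_until[ip] = now + self.block
            q.clear()
            return "blocked"
        return "rejected"

def replay(events):
    """Run the events through one guard and return (time, ip, decision) triples."""
    guard = LoginGuard()
    return [(t, ip, guard.record(ip, outcome, t)) for t, ip, outcome in events]
```

In production the counters would live in shared storage (and usually also be kept per account, as the advisory suggests), but the decision logic is the same.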