Brute Force and Hackers

Hackers
Photo by Towfiqu barbhuiya on Unsplash

Brute Force and Hackers

This past week, suddenly I got several messages from my website. Telling me that someone was using “Brute Force” to get entry to the Admin page.

With “Brute Force” they mean, that someone is using random user names to get entry to the site. Normally they will check your site and try to guess what your username could be. But if you think about it. With only guessing what the username could be, you still not in. Next to that you also need to try to guess what the password could be. Do you have any idea how many combinations you have to guess the username AND password?

For me, I have no idea, but I think it would be millions.

Why My Site?

Why they are doing this to my site?

No idea. This is just a simple site, about some tech that I am interested in and would like to share with others. There is nothing to get or gain from my site, once you are in. I am not going to tell you exactly what my setup is, but I can tell you, that there are only two users.

Maybe they are after the people who register to the site, to get updates once a new post is posted. Though luck. At this moment, there is only one person registered for that. And that is me.

So, nothing to gain there either.

Security Setup

There are so many ways to set your security. So many different plugins and tools. Each is different then the next. If you install several, then you have many ways to secure your site.

Many are also keeping a log of all activities. If you go through them a few times, you also get some idea of what is going on and adjust your security according to that.

My idea is, that the smaller websites are maybe a bit more difficult to get into. Those people just started and will close every hole they can think of.

The bigger websites are more aware of security, but you also can see, that at those places things could go wrong more often. They are making it so difficult to get in, that sometimes at the backend they have no idea what is doing what.

Closing

Am I worried? Maybe. You never can be sure. It is something that you work hard on and want to keep safe.

But I also think, that people who attack or try to attack smaller sites like mine, they don’t have a life. I feel pity for them. Or maybe they are bored. To those I would say, if you want a real challenge, then find a really big site or company and go try your luck there.

So to everyone who wants to try to get their hands on some data from my site, I would say, go ahead. Wast your time on something useless. There is nothing to gain here. But be aware, that I am keeping logs of things and I will register and report any illegal activity. And adjust settings when I think it is needed.

You can use a VPN to cover your real IP address and jump from one server to another after every try. Go ahead. Wast your time. You also could let a bot do everything for you. But keep in mind, that there will be one time that you or your bot will slip up and make a mistake. Think about Karma.

Maybe it will not happen when you try your luck on my site. But it will happen. You can count on it. And is it worth it?

Loading

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.