#1 |
Confirmed User
Join Date: Dec 2009
Posts: 2,157
|
How Many Brute Force Attacks On Your Server?
http://en.wikipedia.org/wiki/Brute-force_attack
I've read this through 100 times and it says the same thing.... A brute force attack is basically about "trying to guess someone's password". If the server had anything of value it would have been well passworded and secure. So what is the point of even trying? Success rate must be one in a billion. How many brute force attacks do you face per day on average and what kind?
#2 |
So Fucking Banned
Industry Role:
Join Date: Jun 2014
Posts: 66
|
Do you mean trying to brute force the password of a site on a server?
They use software that can run through millions of password and username combos in seconds or literally try various combinations of letters until they get the right one.
#3 |
Confirmed User
Join Date: Dec 2009
Posts: 2,157
|
OK let's say:
Username: Antwerp (6 characters)
Password: x6NgPtRW4ua2 (12 characters)
Roughly how long to crack it, considering:
(1) You have to know both.
(2) You may only have 5 attempts per hour (assuming IP block and Account block kick in).
(3) Password may change before you find the solution.
(4) There's a good chance if overzealous, your IP is permanently blocked.
#4 |
Retired
Industry Role:
Join Date: Jul 2011
Location: PDXXX
Posts: 1,976
|
Yeah those are pretty good odds when key gen is running GHz
__________________
Piper Pines |
#5 |
Confirmed User
Join Date: Dec 2009
Posts: 2,157
|
How is it good odds?
1 billion = 1,000,000,000
1,000,000,000 / 5 = 200,000,000 Hours
200,000,000 / 24 = 8,333,333 Days
8,333,333 / 365 = 22,831 Years
It could take up to 22,831 Years to find the correct solution. The average human lives for up to 100 years maximum. So the odds are not good unless I am missing something.
#6 | |
Confirmed User
Industry Role:
Join Date: Jul 2012
Posts: 3,080
|
Quote:
I don't know much about this stuff. But I think instead of brute force, most probably use a dictionary attack (maybe that is a type of brute force, I don't know). Where the program uses a list of common passwords, usually a file of cracked passwords from something like rockyou. RockYou had a huge list of 32 million passwords that is now used to crack other sites. I have played with OclHashcat plus. But you would need to have gotten the password hash offline somehow. Something like "x6NgPtRW4ua2" would take a long time. Depends on how many graphics cards you got running. Many people try to use masks in OclHashCat Plus. Like before trying to brute force all possible passwords. They try all lower case five place ?l?l?l?l?l. Then all lower case 6 places. Then maybe an Upper Case followed by 4 lower case. And so on.
__________________
Live Sex Shows |
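For judging a password policy against the masks mentioned in the post above, this added example (not part of any post in the thread) parses hashcat-style masks, computes how many candidates each covers, and converts that to worst-case time at two rates. The online rate is the thread's 5 attempts per hour; the offline rate of 1e9 guesses per second is an assumed round figure, not a benchmark, and the function names are hypothetical.

```python
# Sizes of hashcat's built-in mask charsets: lower, upper, digit, symbol, all printable.
BUILTIN = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}

ONLINE = 5 / 3600   # guesses per second under the thread's 5-attempts-per-hour lockout
OFFLINE = 1e9       # assumed offline guessing rate, for illustration only


def keyspace(mask, custom=None):
    """Return the number of candidates a mask covers.

    `custom` maps "1".."4" to the size of a user-defined charset
    (hashcat's -1 .. -4 options), e.g. {"1": 62} for letters plus digits.
    """
    custom = custom or {}
    total, i = 1, 0
    while i < len(mask):
        size = 1                      # a literal character contributes one choice
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("mask ends with a bare '?'")
            key = mask[i + 1]
            if key in BUILTIN:
                size = BUILTIN[key]
            elif key in custom:
                size = custom[key]
            elif key != "?":          # "??" is a literal question mark
                raise ValueError(f"unknown charset ?{key}")
            i += 1
        i += 1
        total *= size
    return total


def worst_case_seconds(candidates, guesses_per_second):
    """Time to try every candidate once at a constant rate."""
    return candidates / guesses_per_second


def human(seconds):
    """Format a duration using the largest unit that fits."""
    for unit, length in (("years", 31_536_000), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    alnum = {"1": 62}   # a-z, A-Z, 0-9, the alphabet of the thread's sample password
    for mask, cs in [("?l?l?l?l?l", None), ("?u?l?l?l?l", None),
                     ("?1" * 6, alnum), ("?1" * 12, alnum)]:
        n = keyspace(mask, cs)
        print(f"{mask:26} {n:.3e}  online {human(worst_case_seconds(n, ONLINE))}"
              f"  offline {human(worst_case_seconds(n, OFFLINE))}")
```
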
#7 |
Confirmed User
Industry Role:
Join Date: Jul 2012
Posts: 3,080
|
Here ya go. For just the password.
http://calc.opensecurityresearch.com/
__________________
Live Sex Shows |
#8 | |
Retired
Industry Role:
Join Date: Jul 2011
Location: PDXXX
Posts: 1,976
|
Quote:
__________________
Piper Pines |
#9 | |
Likes Pie
Industry Role:
Join Date: Dec 2007
Location: The land that liberated porn
Posts: 12,401
|
Quote:
Notice the difference in time for a 6 char password versus a 12 char password.
One is: 38 minutes 12 seconds
the other is: 1610348 years 65 days 23 hours 45 minutes and 21 seconds
#10 |
Retired
Industry Role:
Join Date: Jul 2011
Location: PDXXX
Posts: 1,976
|
As the tech gets faster the password gets longer ...LOL ;) at this rate you'll need 1000 char pass by 2025!
__________________
Piper Pines |
#11 |
So Fucking Banned
Industry Role:
Join Date: Apr 2003
Location: online
Posts: 8,766
|
#12 |
Likes Pie
Industry Role:
Join Date: Dec 2007
Location: The land that liberated porn
Posts: 12,401
|
#13 | |
Confirmed User
Industry Role:
Join Date: Jul 2012
Posts: 3,080
|
Quote:
The bad thing about wireless is the password just flies through the air, waiting to be picked up.
__________________
Live Sex Shows |
#14 |
So Fucking Banned
Industry Role:
Join Date: Apr 2003
Location: online
Posts: 8,766
|
If you are a specific target, it will be very hard... if you are a normal user (among millions of other users who use encryption) - you are free to go and it works
#15 |
Confirmed User
Join Date: Dec 2009
Posts: 2,157
|
How many of you have been a victim of government surveillance? I guess not.
Even if you are a specific target, encryption works if you are talking about man in the middle, it is very difficult to defeat good encryption. Snowden himself has said the same thing, except that he did stress that intelligence agencies (NSA & GCHQ) are making major inroads into cracking encryption. On the whole, however, it still works and it still protects your privacy so go ahead and use it if you wish to. |
#16 | |
Confirmed User
Join Date: Dec 2009
Posts: 2,157
|
Quote:
Dividing by 5 due to my assumption above that only 5 attempts can be made before the login is locked and the IP is banned for at least one hour. So therefore 5 attempts per hour. Anyway, it wasn't scientific, it's just a rough idea of how many calculations need to be done and how time consuming it will be if those kind of restraints exist.
#17 |
So Fucking Banned
Join Date: Feb 2007
Posts: 131
|
Any good hacker will pull your /etc/shadow file through your webserver and then use rainbow tables.
#18 |
¯\_(ツ)_/¯
Industry Role:
Join Date: Aug 2004
Posts: 11,475
|
Depends. In the past bruteforce was good for admins and other highly targeted accounts, but now, when everyone is warned about how easy it is to bruteforce a password, so everyone who needs to secure data is choosing hard to bruteforce passwords, bruteforce is now just wasting bandwidth of your hosting. Most of the hacks are done by real hackers and programmers and security gurus, not by kids, so nothing to worry about
#19 |
Confirmed User
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
|
there are 2 types of hackers one with specific targets and others without any targets.
__________________
SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean
#20 | |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,393
|
Quote:
The encrypted password is obtained by some other means, so all brute forcing happens locally. It's not the same as brute force login attempts to a remote server. |
#21 |
Confirmed User
Join Date: Nov 2005
Posts: 2,167
|
You lack basic understanding to understand how it works. Let people that are trained in security do that for you.
__________________
agentGFY *at* gmail.com |
#22 | |
Confirmed User
Join Date: Dec 2009
Posts: 2,157
|
Quote:
The point I am making is that most of these attempts are a waste of effort and it's only a script kiddie who should be dumb enough to imagine that he's going to get anywhere.
#23 |
Confirmed User
Join Date: Jun 2002
Posts: 9,506
|
Christians, lol
__________________
Vacares - Web Hosting, Domains, O365, Security & More Unparked domains burning a hole in your pocket? 5 Simple Ways to Make Easy $$$ from Unused Domains |
#24 | |
Making PHP work
Industry Role:
Join Date: Nov 2002
Location: 🌎🌅🌈🌇
Posts: 20,589
|
Quote:
The first sign of brute force is probably someone trying to login with: admin/imgod
#25 |
Too lazy to wipe my ass
Industry Role:
Join Date: Aug 2002
Location: A Public Bathroom
Posts: 38,646
|
i kunt a4d a server...
#26 |
Pay It Forward
Industry Role:
Join Date: Sep 2005
Location: Yo Mama House
Posts: 77,238
|
/dydytdy36447/admin.php
__________________
TRUMP 2025 KEKAW!!! - The Laken Riley Act Is Law! DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com |
#27 |
Confirmed User
Industry Role:
Join Date: Jun 2014
Location: Scotland
Posts: 1,706
|
I used to be into hacking before I got into all this. They just use a bruteforce tool called sentry. Load it up with thousands and thousands of proxies plus thousands of logins (combos). If your sites have really good security it doesn't really matter. They just extract the logins from similar sites whose security is not so good and run them against your site. People are too lazy to use different passwords etc on each site and this is what bruteforcers prey on. Works 90% of the time. You wanna avoid it then generate people a login when they signup and don't let them pick their own
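To see which traffic the "5 attempts per hour" lockout from earlier in the thread actually stops, this added example (not code from any poster) replays three constructed sets of failed logins through a per-account and per-IP sliding-window throttle, then computes a site-wide signal for the reused-login pattern described in the post above. Class and function names are hypothetical, and the addresses are from documentation ranges.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window failed-login counters, one per account and one per source IP."""

    def __init__(self, window=3600, max_fails=5):   # the thread's 5 attempts per hour
        self.window, self.max_fails = window, max_fails
        self.by_user = defaultdict(deque)
        self.by_ip = defaultdict(deque)

    def _recent(self, q, now):
        while q and now - q[0] >= self.window:      # forget failures older than the window
            q.popleft()
        return len(q)

    def attempt(self, user, ip, now):
        """Register one failed login; return False if a lockout refused it."""
        if (self._recent(self.by_user[user], now) >= self.max_fails
                or self._recent(self.by_ip[ip], now) >= self.max_fails):
            return False
        self.by_user[user].append(now)
        self.by_ip[ip].append(now)
        return True


def blocked_count(events):
    """events: (timestamp, user, ip) failed logins. Returns how many were refused."""
    throttle = LoginThrottle()
    return sum(not throttle.attempt(user, ip, t) for t, user, ip in events)


def peak_failing_accounts(events, window=3600):
    """Largest number of distinct accounts with a failed login inside any one window."""
    recent, peak = deque(), 0
    for t, user, _ip in sorted(events):
        recent.append((t, user))
        while t - recent[0][0] >= window:
            recent.popleft()
        peak = max(peak, len({u for _, u in recent}))
    return peak


# Constructed traffic: 100 failed logins each, 10 seconds apart.
one_ip_one_account = [(i * 10, "admin", "192.0.2.1") for i in range(100)]
many_ips_one_account = [(i * 10, "admin", f"198.51.100.{i}") for i in range(100)]
many_ips_many_accounts = [(i * 10, f"member{i}", f"203.0.113.{i}") for i in range(100)]

if __name__ == "__main__":
    for name, ev in [("one IP, one account", one_ip_one_account),
                     ("many IPs, one account", many_ips_one_account),
                     ("many IPs, many accounts", many_ips_many_accounts)]:
        print(f"{name:24} blocked {blocked_count(ev):3}/100, "
              f"distinct failing accounts in an hour: {peak_failing_accounts(ev)}")
```

The third set passes both lockouts untouched, so the count of distinct accounts failing within one window is the number to alert on for that pattern.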
#28 | |
Confirmed User
Industry Role:
Join Date: Oct 2006
Location: SWFL
Posts: 4,533
|
Quote:
It's pretty easy to bruteforce, especially with the free software out there to do it. Even programs that use OCR to read captchas, perform form logins, etc. It's relatively easy to get passwords to several servers and a few dozen members areas on top of that in just an hour or so.
__________________
400 HARDL1NKS only $117! - (100 for $45)
BL0G P0STS $1.85+ | 55,000 Word Comprehensive Synonym Database 2 REVIEW COPIES AVAIL AT 50% OFF! | 16 yr old Aged Domains 4Sale ICQ: 265-593-735 ~ Skype: Naughty-Pages ~ email: ez_money4u(at)comcast(dot)net |
#29 | |
Confirmed User
Industry Role:
Join Date: Jun 2003
Location: My High Horse
Posts: 6,334
|
Quote:
__________________
Mike South It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz. |
#30 | ||
Confirmed User
Join Date: Nov 2005
Posts: 2,167
|
Quote:
Quote:
Stick to what you do.
__________________
agentGFY *at* gmail.com |
#31 | |
Confirmed User
Join Date: Dec 2009
Posts: 2,157
|
Quote:
Incidentally, and I should have specified that, I'm talking more about attacks on the admin side like trying to gain access in Root, SSH, Cpanel, WHM, FTP etc using brute force attacks. Which to my mind, is generally hopeless using that specific method. I'm not talking about a vulnerability like heartbleed etc. Any admin with sense would have chosen a smart unknown login and a min 10 character password with upper, lower casings, multi character, alpha numeric etc.
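To answer the thread's opening question ("how many, and what kind") for the SSH case mentioned in the post above, this added example (not code from any poster) counts failed password logins per source address in sshd log text and labels each source by whether it hammered one account or cycled through usernames. The log lines are constructed, the threshold of 3 failures is an assumption, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# OpenSSH logs "Failed password for [invalid user ]NAME from ADDR port N ssh2".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

# Constructed sample; addresses are from documentation ranges.
SAMPLE_LOG = """\
Jun 10 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jun 10 03:12:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jun 10 03:12:06 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jun 10 03:12:09 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 51244 ssh2
Jun 10 04:40:11 web1 sshd[2310]: Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Jun 10 04:40:13 web1 sshd[2312]: Failed password for invalid user test from 198.51.100.23 port 40118 ssh2
Jun 10 04:40:15 web1 sshd[2314]: Failed password for invalid user oracle from 198.51.100.23 port 40125 ssh2
Jun 10 04:40:17 web1 sshd[2316]: Failed password for www from 198.51.100.23 port 40131 ssh2
Jun 10 09:01:30 web1 sshd[3001]: Failed password for deploy from 192.0.2.50 port 60022 ssh2
Jun 10 09:01:41 web1 sshd[3001]: Accepted password for deploy from 192.0.2.50 port 60022 ssh2
"""


def summarize(log_text, min_failures=3):
    """Return {ip: (failures, distinct_users, invalid_user_failures, kind)}.

    Sources with fewer than `min_failures` failures are left out, so a single
    mistyped password by a legitimate user is not reported.
    """
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "invalid": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        s["failures"] += 1
        s["users"].add(m["user"])
        s["invalid"] += bool(m["invalid"])      # name does not exist on this host
    report = {}
    for ip, s in stats.items():
        if s["failures"] < min_failures:
            continue
        kind = ("password guessing on one account" if len(s["users"]) == 1
                else "username spraying")
        report[ip] = (s["failures"], len(s["users"]), s["invalid"], kind)
    return report


if __name__ == "__main__":
    for ip, row in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, *row, sep="\t")
```
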