VOGONS


Reply 40 of 42, by clueless1

User metadata
Rank l33t
Rank
l33t
ZellSF wrote:
clueless1 wrote:
ZellSF wrote:

No one's brute forcing passwords though.

If that's true, then why are there so many brute force tools?

I should have specified, no one brute forces passwords to online accounts.

Even for offline passwords, brute forcing is a last resort. Who doesn't try "Password" before they try "xJ1%^ao2I,"? It only makes sense if you know the password is randomly generated and most people don't do that.

The attachment bruteforce.png is no longer available

26 attempts in a 58 minute period from same IP and user agent. Wouldn't that be considered a brute force attack on an online account?

The more I learn, the more I realize how much I don't know.
OPL3 FM vs. Roland MT-32 vs. General MIDI DOS Game Comparison
Let's benchmark our systems with cache disabled
DOS PCI Graphics Card Benchmarks

Reply 41 of 42, by dr_st

User metadata
Rank l33t
Rank
l33t

26 attempts in 58 minutes? I'd say it's more like a "weak force" attack. 😁

https://cloakedthargoid.wordpress.com/ - Random content on hardware, software, games and toys

Reply 42 of 42, by clueless1

User metadata
Rank l33t
Rank
l33t
dr_st wrote:

26 attempts in 58 minutes? I'd say it's more like a "weak force" attack. 😁

Obviously they were doing this manually to try not to trigger the brute force lockout, but it was relevant because it just happened overnight while this topic was fresh in my mind. 😀 But I've seen much worse on a Wordpress site, where they trigger the 10 failed attempt lockout within a matter of seconds. The point is, Wordpress sites are a big attack vector for online brute forcing. My sites are tiny, with little traffic. I can only imagine what a high traffic site's logs look like.

The more I learn, the more I realize how much I don't know.
OPL3 FM vs. Roland MT-32 vs. General MIDI DOS Game Comparison
Let's benchmark our systems with cache disabled
DOS PCI Graphics Card Benchmarks