ZellSF wrote:

clueless1 wrote:

ZellSF wrote:

No one's brute forcing passwords though.

If that's true, then why are there so many brute force tools?

I should have specified, no one brute forces passwords to online accounts.

Even for offline passwords, brute forcing is a last resort. Who doesn't try "Password" before they try "xJ1%^ao2I,"? It only makes sense if you know the password is randomly generated and most people don't do that.

26 attempts in a 58 minute period from same IP and user agent. Wouldn't that be considered a brute force attack on an online account?

26 attempts in 58 minutes? I'd say it's more like a "weak force" attack. 😁

dr_st wrote:

26 attempts in 58 minutes? I'd say it's more like a "weak force" attack. 😁

Obviously they were doing this manually to try not to trigger the brute force lockout, but it was relevant because it just happened overnight while this topic was fresh in my mind. 😀 But I've seen much worse on a Wordpress site, where they trigger the 10 failed attempt lockout within a matter of seconds. The point is, Wordpress sites are a big attack vector for online brute forcing. My sites are tiny, with little traffic. I can only imagine what a high traffic site's logs look like.