• Resolved Syncly.it

    (@elnath78)


    Is it possible to check the test they have made to enter the site, for example is it possible to see the password that they have used (tried to)? It would shed some light, for example, on where they have gotten this password. For example, if they manage to leak the password for a website/account, they might try that one on all the saved bookmarks of the infected PC. I noticed that they are trying user/website combinations that exist in one site but not in another, probably resolving by the IP.

Viewing 1 replies (of 1 total)
  • Hi @elnath78,

    It’s dangerous to log passwords in plaintext. Note that passwords aren’t even stored in the database in plaintext.

    Imagine if someone attempted to log into their account, but simply mistyped their password a few times – then all of a sudden their slightly incorrect password would be logged. If an attacker were to access this log, they would be able to target this user’s accounts found on different sites with the same/similar password.

    What I can recommend is enabling "Prevent the use of passwords leaked in data breaches" found within Wordfence -> All Options.

    For example: https://i.imgur.com/EsYBtmG.png

    For any large-scale password leaks, passwords that exist on these lists will not be acceptable for login / registration.

    Dave
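
An added example, not part of the original thread and not Wordfence code: the cross-site pattern described in the question can be studied from failed-login records that hold only the site, the username and the source IP, so no attempted password is ever logged. The site names, accounts and log records below are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: accounts that exist on each site hosted on one server.
SITE_USERS = {
    "shop.example": {"alice", "bob"},
    "blog.example": {"carol", "admin"},
}

# Constructed failed-login records: (site, username, source IP). No password field.
FAILED_LOGINS = [
    ("blog.example", "alice", "203.0.113.7"),
    ("blog.example", "bob", "203.0.113.7"),
    ("shop.example", "carol", "203.0.113.7"),
    ("blog.example", "carol", "198.51.100.4"),
    ("shop.example", "root", "198.51.100.9"),
]

def classify(site, username, site_users=SITE_USERS):
    """Label one failed attempt by where the username is actually valid."""
    if username in site_users.get(site, set()):
        return "valid_user"  # real account on this site: password guessing
    elsewhere = sorted(s for s, users in site_users.items()
                       if s != site and username in users)
    if elsewhere:
        return "cross_site:" + ",".join(elsewhere)  # valid only on a sibling site
    return "unknown_user"  # generic dictionary username

def summarize(records, site_users=SITE_USERS):
    """Per source IP, count failed attempts per label."""
    summary = defaultdict(lambda: defaultdict(int))
    for site, username, ip in records:
        summary[ip][classify(site, username, site_users)] += 1
    return {ip: dict(labels) for ip, labels in summary.items()}

def cross_site_sources(records, min_hits=2, site_users=SITE_USERS):
    """IPs with at least min_hits attempts using usernames valid only elsewhere."""
    hits = defaultdict(int)
    for site, username, ip in records:
        if classify(site, username, site_users).startswith("cross_site:"):
            hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_hits)

if __name__ == "__main__":
    for ip, labels in summarize(FAILED_LOGINS).items():
        print(ip, labels)
    print("cross-site sources:", cross_site_sources(FAILED_LOGINS))
```

A source that repeatedly tries usernames valid only on a sibling site is working from a list gathered across sites, which is the question's observation confirmed without recording any password.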

  • The topic ‘Details on brute force attacks’ is closed to new replies.