The security team at the host claimed to see numerous brute force attacks that were successful. In other words, someone put a bot on the login form and cycled through ALL the possible characters for username and password until the right combination was hit. Supposedly they could do this because cpHulkd, which looks for multiple login failures and blocks the IP, was not enabled.
But on thinking and reading about brute force attacks, we are scratching our heads. An eight-digit password should take two centuries to cycle through all the possibilities, and ours were at least 10 digits. So it isn't possible unless the hackers have incredible technology, or we got faked out.
This is where our connection to the dark side pays off. A long time ago, we got a very big hacker client out of a Google penalty, and to show us his appreciation this client has kept in touch with us, explaining the hacker perspective on all kinds of security issues. When asked if it is possible to speed up a brute force attack, he responded:
"No one uses brute force except idiots. Since the logs don't lie, you are misreading. Probably someone scored a bunch of username/password pairs from your desktop or emails and just hit your servers until they got in. If they have enough IPs they will always succeed. The first failures will make it look like a bfa, but it's much worse than that. You have a security breach somewhere."
Got it? Just because you see a bunch of failures preceding a successful hack does not mean it was a brute force attack. In fact, if your password was at least 8 digits and the hack succeeded, you can pretty much rest assured that it WASN'T a brute force attack.
The problem with misidentifying a successful hack as a brute force attack is that you put your security in the wrong place. If someone is able to get past your admin-level login, it is most likely stolen username/password pairs that got them in.
What these hackers do is look only for username/password pairs; they don't spend time finding out what the pairs are used for, although I'm sure they'll take that as well. All they need are enough pairs, enough resources (IPs), and your login URLs. It's the ENDPOINT you need to protect: your email, your desktop, your files and data.
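The point above is that the two attacks leave different fingerprints in the login log, even though both start with a run of failures. The script below is an added example, not code from the original post or from cPanel/cpHulkd: it parses a small constructed audit log (the line format, IP addresses and usernames are all made up for the example) and separates the brute force pattern (one or a few sources hammering the same account) from the stolen-pair pattern (many sources, each trying only a couple of pairs, with some logins succeeding). The thresholds in `classify` are assumptions to tune for your own environment.

```python
import re
from collections import Counter, defaultdict

# Assumed audit-line format (constructed for this example, not cpHulkd's real log format):
#   <timestamp> src=<ip> user=<name> result=OK|FAIL
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<ip>[\d.]+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return a dict for one audit line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(log_text):
    """Aggregate the signals that distinguish the two attack patterns."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    per_ip = Counter(e["ip"] for e in events)
    users_per_ip = defaultdict(set)
    for e in events:
        users_per_ip[e["ip"]].add(e["user"])
    successes = [e for e in events if e["result"] == "OK"]
    return {
        "attempts": len(events),
        "successes": len(successes),
        "distinct_ips": len(per_ip),
        "distinct_users": len({e["user"] for e in events}),
        "max_attempts_per_ip": max(per_ip.values(), default=0),
        "max_users_per_ip": max((len(u) for u in users_per_ip.values()), default=0),
        # Accounts that logged in after the failures: these need a password reset.
        "compromised_users": sorted({e["user"] for e in successes}),
    }


def classify(s):
    """
    Heuristic labels (assumed thresholds, tune per environment):
    - brute-force: a few sources make many attempts against one or a few accounts
    - credential-stuffing: many sources, each trying a handful of pairs, and
      some of them succeed, which is the pattern the post describes
    """
    if s["attempts"] == 0:
        return "no-data"
    mean_per_ip = s["attempts"] / s["distinct_ips"]
    if s["max_attempts_per_ip"] >= 20 and s["distinct_users"] <= 3:
        return "brute-force"
    if s["distinct_ips"] >= 10 and mean_per_ip <= 3 and s["successes"] > 0:
        return "credential-stuffing"
    return "inconclusive"


def _lines(rows):
    """Build constructed audit lines from (ip, user, result) tuples."""
    return "\n".join(
        f"2024-05-01T10:{i:02d}:00 src={ip} user={user} result={res}"
        for i, (ip, user, res) in enumerate(rows)
    )


# Constructed: one source makes 30 failed guesses at "admin"; nothing succeeds.
BRUTE_LOG = _lines([("203.0.113.10", "admin", "FAIL")] * 30)

# Constructed: 12 sources each try one or two stolen pairs; two logins succeed.
STUFFING_LOG = _lines([
    ("198.51.100.1", "alice", "FAIL"), ("198.51.100.2", "bob", "FAIL"),
    ("198.51.100.3", "carol", "OK"), ("198.51.100.4", "dave", "FAIL"),
    ("198.51.100.5", "erin", "FAIL"), ("198.51.100.6", "frank", "FAIL"),
    ("198.51.100.7", "grace", "FAIL"), ("198.51.100.8", "heidi", "OK"),
    ("198.51.100.9", "ivan", "FAIL"), ("198.51.100.10", "judy", "FAIL"),
    ("198.51.100.11", "mallory", "FAIL"), ("198.51.100.12", "oscar", "FAIL"),
    ("198.51.100.1", "peggy", "FAIL"), ("198.51.100.2", "trent", "FAIL"),
])


if __name__ == "__main__":
    for name, log in (("brute", BRUTE_LOG), ("stuffing", STUFFING_LOG)):
        s = summarize(log)
        print(name, classify(s), s)
```

Per-IP failure counting, which is all a blocker like cpHulkd does, fires on the first log but barely registers on the second, because each source stays under any reasonable lockout threshold. The signal that matters for the second case is the combination of many distinct sources, many distinct usernames and a non-zero success count; the `compromised_users` list is what you act on first.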
We were told the hack of our server was a brute force attack and installed cpHulkd, only to be rehacked the next day. This explains what really happened. We will look at security issues on our machines and email. I'm sure there are many others who still don't know why they keep getting bogus brute force attacks. Thank you for posting this.