Thursday 23 May 2024 04:38 PM   Your IP:
Structural SEO
Home       SEO Enterprise Blog       Search Compliance       Structural SEO       The Semantic Imperative       About      

Enterprise SEO Blog

re1y roll
Gaming Google In The Gaming Industry
Bob Sakayama
2013-03-23 18:27:43
2012 SEO Disasters | Solutions
Bob Sakayama
2012-12-16 14:03:29
Google May Be Quietly Acknowledging Negative SEO
Bob Sakayama
2012-08-30 15:29:12
Unnatural Links Warning
Bob Sakayama
2012-07-25 17:05:11
Penguin Inadvertently Makes Paid Links More Valuable
Bob Sakayama
2012-04-29 14:01:46
Occupy Google
Bob Sakayama
2011-11-04 12:57:49
Google Has Lost The War Against Paid Links
Bob Sakayama
2011-05-07 16:33:19
Google Penalties Now Called Manual Actions
Bob Sakayama
2011-04-23 16:27:14
Google Bomb Today
Ryan Urban
2011-04-11 17:05:11
Penalized Site Seeks Help:
Valmir Fernandes
2011-03-17 17:56:06
Did The Hammer Come Down On Content Aggregators
Bob Sakayama
2011-03-02 22:22:24
Enterprise Search Manipulation
Bob Sakayama
2011-02-19 19:12:08
Google Has A Huge Cloaking Problem
Bob Sakayama
2011-01-21 20:33:20
A Sorry Tale of a Google Penalty in Action
Dr. Marc Pinter-Krainer
2010-12-13 11:46:50
A New Google Penalty
Bob Sakayama
2010-11-28 21:49:40
The Archive Link Magnet
Bob Sakayama
2010-08-12 20:39:05
Coping With The Loss of Link Metrics
Bob Sakayama
2010-07-25 03:10:26 Penalized
2010-07-22 15:19:42
Automating Compliance Via CMS
Rev Sale
2010-07-15 22:43:15
Caffeine May Have A Hidden Cost
Bob Sakayama
2010-07-08 11:35:34
Google Penalties And Nuked Domains
Bob Sakayama
2009-11-28 21:09:30
When Google Doesn't Like Your Business Model
2009-11-09 12:41:20
Search Compliance For Subdomains
2009-11-09 11:51:10
Google Penalty Solutions - An Example Unwind
Bob Sakayama
2009-11-04 21:21:01
Maintaining Search Compliance via CMS
2009-11-03 22:35:15
Still Reeling From The Affiliate Slap
2009-11-02 22:47:01
Most Popular Penalties
Bob Sakayama
2009-11-01 22:06:52
Link Obfuscation Necessary On New Sites
Rev Sale
2009-11-01 21:46:56
By: Rev Sale
2010-08-26 21:42:58
This post references my previous post, where a client's dedicated servers were hacked.

The security team at the host claimed to see numerous brute force attacks that were successful. In other words someone put a bot on the log in form and cycled through ALL the possible characters for username and password until the right combination was hit. Supposedly, they could do this because cpHulkd - which looks for multiple log in failures and blocks the ip - was not enabled.

But upon thinking and reading about brute force attacks, we are scratching our heads. An eight digit password should take 2 centuries to cycle through all the possibilities, and ours were at least 10 digits. So it's not possible, unless the hackers has incredible technology, or we got faked out

This is where our connection to the dark side pays off. A long time ago, we got a very big hacker client out of a Google penalty, and to show us his appreciation this client has kept in touch with us, explaining the hacker perspective on all kinds of security issues. When asked if it is possible to speed up a brute force attack, he responded:

"No one uses brute force except idiots. Since the logs don't lie, you are misreading. Probably someone scored a bunch of username/password pairs from your desktop or emails and just hit your servers until they got in. If they have enough ips they will always succeed. The first failures will make it look like a bfa but it's much worse than that. You have a security breach somewhere."

Got it? Just because you see a bunch of failures preceding a successful hack, does not mean a brute force attack. In fact if your password was at least 8 digits, and the hack succeeded you can pretty much rest assured that it WASN'T a brute force attack.

The problem with misidentifying a successful hack as a brute force attack is that you put your security in the wrong place. If someone is able to hack your admin level entry, it is most likely stolen username/password pairs that got them in.

What these hackers do is look only for the username/password pairs - they don't spend time looking for what they're used for, although I'm sure they'll take that as well. All they need are enough pairs, enough resources (ips), and your log in urls. It's the ENDPOINT you need to protect - your email, your desktop, your files and data.

Blog_id: 22 | Posted: 2010-08-26 21:42:58 | Views (6,394) | Comments (1)  
Comment By: mmanley
re: A Brute Force Attack May NOT Be A Brute Force Attack
(posted 2010-09-30 13:57:55)

We have been told the hack of our server was a brute force attack and installed cpHulkd, only to be rehacked the next day. This explains what really happened. We will look at security issues on our machines, email. I'm sure there are many others who still don't know why they keep getting bogus brute force attacks. Thank you for posting this.

Home       SEO Enterprise Blog       Search Compliance       Structural SEO       The Semantic Imperative       About
Enterprise SEO
Google Penalty Solutions
Automation & Search Compliance

Looking for SEO enabled content management systems with structural, semantic optimization built into the cms? You're on the right site. Research identified targets are implemented within the markup, content, and filenames to enable the site to rank as high as possible based upon semantic relevance. 34789366G off site content requirements