A brute force attack is an attack in which a program or piece of code automatically attempts to hack into your web site or server by systematically entering all possible passwords. (Tip: Almost all attacks will use the default usernames of 'admin', 'administrator' or 'root' as they cycle through possible passwords. Make sure to change your username to something unique - preferably not related to your site's title or url - to make their job harder!)

Although this task is an extensive one, the encryption protecting your information is essentially just mathematics, and we all know that computers are constantly getting better and faster at running mathematical equations.

Brute force attacks are a huge concern not only for the security risks they pose but also because they can be a huge strain on your site's bandwidth and resources. Entering an incorrect password might not seem like it would take up a lot of bandwidth, but when it's happening every two minutes it can very quickly drain resources that your server needs to adequately perform other tasks. 

At Rhyemedia, our server's firewall blocks the attempted attacks on our server, but for individual CMS sites an extension is needed to prevent the attacks.

For Joomla sites we use Brute Force Stop. This extension is great as it gives you access to in depth records of all attempted log ins and allows you to choose how many attempts an IP address can make at logging in before being permanently blocked (at Rhyemedia all IP addresses are blocked after five unsuccessful attempts). You can configure notifications about failed log ins and blocked IP addresses, and you can also set the amount of time required between a failed log in and a new attempt. You can also view and modify existing blocks. 

While on the topic of security for Joomla, we'd like to remind everyone that Joomla released a new security patch a fortnight ago. No matter which version you're currently running, it is vital that you have your CMS updated and this new patch installed. There have been security vulnerabilities discovered, and without the patch you run the very high risk of having your entire website hacked and blacklisted. If you haven't already, please get in touch with us as soon as possible so we can discuss installing the patch with you before anything goes wrong. 

If you have any questions, concerns or queries about brute force attacks, or anything at all, you  can get in touch with Rhye Media on Facebook, twitter and Google+. You can also use our online help system if you need any help with your own website, or are interested in having one made for your business. We look forward to hearing from you!