Brute Force Attacks Against Joomla Websites

It’s an old school method of attack, but it’s back with a vengeance and with the help of a huge and evolving tool, the botnet. Let me explain what a brute force attack is, what botnets are, how they are working together, and what you can do to prevent brute force attacks against your Joomla website.

What is a brute force attack?

Brute force attacks are pretty much the most generic type of attack you can think of. If you have a Joomla website, your administrator login URL is pretty much evident. Yourdomain.com/administrator… From that screen, a brute force attack will basically use an automated script to plug in random usernames and passwords until it guesses your combination and has access to the backend of your website.

brute force attack

What is a botnet?

A botnet is a network of computers that have been infected with the same type of malware or virus. Once infected, these computers can be controlled by a central command which can use the individual computers to communicate with the internet and attempt to log in to you website.

In the past, we would see all the login attempts originating from the same computer, which would have a single IP address. That means a simple measure such as restricting the number of failed login attempts from the same IP address would essentially stop the brute force attack. The attacker would enter the wrong combination 5 times in a row, and the system would block that computer from attempting to log in again for a set period of time.

How do they work together?

When these attacks are being waged by a botnet, which could be comprised of 100,000 individual computers with 100,000 unique IP addresses, that old system of prevention is no longer enough to stop the attack. The attacker could literally switch to a new IP address every second for an entire day, or until one of the computers guessed the correct combination.

What to do?

So what can you do to stop brute force attacks against Joomla websites? At the moment, you can’t do much to stop the attack from occurring, but you can take steps to prevent the attack from being successful. If you are using a login username such as “Admin”, “Administrator”, or even your first name, you should change it immediately. Also, use a password with a combination of letters, numbers, cases, and symbols.

If you hire someone to do work on your website, create a login specifically for them and only with the access level they need to do their job. When they finish, delete the user. If they don’t absolutely need your FTP login, don’t give it to them. And you definitely want to be using the latest stable version of Joomla and have your extensions up to date! Just doing those few things will put you way ahead of the game.

As always, if you need professional help securing or removing malware from your website, we are here to help. Just send us a request, and we will get back to you ASAP. In the meantime, happy surfing!

How to prevent Joomla Brute Force Attack