Waxaa jira habab badan oo ay tuugtu u adeegsadaan in ay galaan kombuyuutar, shabakad kombuyuutar, mareegaha ama adeegga internetka. Fulinta Weerar Xoogan^{(Brute Force Attack)} ayaa ka mid ah. Waa mid ka mid ah habka ugu fudud, haddana waqti-qaadka ah ee lagu jabsado server-ka ama kumbuyuutarka caadiga ah. Habka weerarka xoogga Brute wuxuu leeyahay faa'iidooyinkiisa - sidoo kale waxaa loo isticmaali karaa in lagu hubiyo ammaanka shabakada iyo in lagu soo celiyo ereyada sirta ah ee la illoobay. Maqaalkan, waxaan isku dayi doonaa oo aan fahmi doonaa qeexida Khatarta Xoog^{(Brute Force Attack)} -saarka oo aan aragno habka ka hortagga aasaasiga ah.

Weerarada Xoogga

A Brute Force Attack waa nooc ka mid ah Weerarka Cyber^{(Cyber Attack)} , halkaas oo aad haysato software ku wareegaya xarfo kala duwan si aad u abuurto furaha sirta ah ee suurtogalka ah. Qalabka sirta ah ee Brute Force Attack^{(Brute Force Attack)} software cracker wuxuu si fudud u isticmaalaa dhammaan isku darka suurtogalka ah si uu u ogaado furaha sirta ah ee kombuyuutarka ama serverka shabakadda. Way fududahay oo ma shaqaalayso farsamooyin caqli-gal ah. Maadaama ay xisaabta ku saleysan tahay, waxay qaadaneysaa waqti yar in la jebiyo erayga sirta ah iyadoo la adeegsanayo codsiyada xoogga ah halkii aad gacanta ku ogaan lahayd. Waxa aan idhi xisaab ku salaysan sababtoo ah kombayutarada ayaa ku fiican xisaabta oo waxay ku sameeyaan xisaabinta noocan oo kale ah ilbiriqsiyo kala qaybsan marka la barbar dhigo maskaxda bini'aadamka, taas oo qaadanaysa waqti dheer si loo abuuro isku-darka.

Weerarka Xoog-saarka^{(Brute Force Attack)} waa mid wanaagsan ama xun iyadoo ku xiran qofka isticmaalaya. Waxay noqon kartaa dambiilaha internetka oo isku dayaya inuu jabsado server-ka shabakada ama waxay noqon kartaa maamulaha shabakad isku dayaya inuu arko sida ay u badbaadsan tahay shabakadiisa. Isticmaalayaasha kombuyuutarrada qaarkood ayaa sidoo kale isticmaala apps-ka xoog si ay u soo ceshadaan ereyada sirta ah ee la illoobay.

Xawaaraha xisaabinta & furaha sirta ah ayaa muhiim ah inta lagu jiro Weerarada Xoogaga Khaaska ah^{(Brute Force Attacks)}

Haddii aad isticmaalayso dhammaan xarfaha hoose oo aanad lahayn xarfo ama lambaro gaar ah, waxay noqon kartaa shaqo kaliya 2-10 daqiiqo ka hor inta uusan weerar xoog ah dhicin uusan furin erayga sirta ah. Si kastaba ha ahaatee, isku darka xarfaha waaweyn iyo kuwa yaryar oo ay weheliyaan nambar (malaha inay jiraan siddeed nambar), waxay qaadan doontaa in ka badan 14-15 sano si ay u furaan erayga sirta ah.

Waxay sidoo kale ku xiran tahay xawaaraha processor-ka kumbuyuutarka, ilaa inta ay qaadanayso in la jebiyo erayga sirta ah ee shabakadda ama gelitaanka caadiga ah ee kumbuyuutarka Windows -ka ah.

Markaa waxay macno badan samaynaysaa in la haysto furaha sirta ah ee xooggan. Si aad u abuurto furaha sirta ah ee xooggan, waxaad isticmaali kartaa xarfaha ASCII si aad u abuurto furaha sirta ah ee xooggan . Xarfaha ASCII^{(ASCII characters)} waxay tixraacayaan dhammaan jilayaasha laga heli karo kiiboodhka iyo in ka badan (waxaad ku arki kartaa adiga oo riixaya ALT+numbers (0-255) ee Numpad ). Waxa jira 255 xaraf oo ASCII ah mid walbana waxa uu leeyahay kood lagu akhriyo mishiinka oo loo beddelo binary (0 ama 1) si loogu isticmaalo kombayutarada. Tusaale ahaan, ASCII code ee "space" waa 32. Markaad gasho meel bannaan, kombuyuutarku wuxuu u akhriyaa sida 32 wuxuuna u beddelaa binary - kaas oo noqon doona 10000. Kuwan 1, 0, 0, 0, 0, 0 waa la kaydiyaa. sida ON , DAM^(OFF)DAM^(OFF) , DAM , DAM , DAMN , DAMN , DAMN , DAMN , DAMN , DAMN , DAMN , DAMN , DAMN , DAMN , DAMN , DAMNAYA , DAMNAYAAN^(OFF) IN XUSUUSTA ^(OFF)KUSUUUTIRKA^(OFF) (taas oo ka samaysan furayaasha elektarooniga ah). Tani wax shaqo ah kuma lahan xoog wax-ku-ool ah marka laga reebo in haddii la isticmaalo dhammaan xarfaha ASCII^(ASCII) haddii aad isticmaasho xuruuf gaar ah erayga sirta ah, wadarta wakhtiga lagu qaadayo fur-furka erayga sirta ah wuxuu socon karaa in ka badan 100 sano ama wax ka badan. Waxaan uga hadlay ASCII dadka aan garanayn sida jilayaasha loogu kaydiyo xusuusta kombiyuutarka.

Halkan waxaa ah xiriiriye^{(Here is a link)} xisaabiyaha sirta ah ee xoogga ah^{(Brute Force Password Calculator)} , halkaas oo aad ka hubin karto inta ay qaadanayso in la jabiyo erayga sirta ah. Waxaa jira xulashooyin kala duwan oo la bixiyay oo ay ku jiraan xarfo yaryar, xarfo waaweyn, lambar, iyo dhammaan xarfaha ASCII^(ASCII) . Iyada oo ku saleysan waxa aad ku isticmaashay eraygaaga sirta ah, dooro xulashooyinka oo dhagsii xisaabi si aad u aragto sida ay ugu adag tahay weerarka^(Brute) xoogga ah in uu waxyeeleeyo kombiyuutarkaaga ama server-kaaga.

Kahortagga^{(Brute Force Attack Prevention)} & Ilaalinta Weerarkii Xoogga^(Protection)

Maadaama aysan jirin caqli-gal gaar ah oo lagu dabaqo weerarrada xoogga ah marka laga reebo isku dayga kala duwan ee jilayaasha loo isticmaalo abuurista erayga sirta ah, ka hortagga heer aad u aasaasi ah, waa mid sahlan.

Marka laga reebo isticmaalka nidaamka hawlgalka Windows^(Windows) oo si buuxda loo cusboonaysiiyay iyo software amniga, waa inaad isticmaashaa furaha sirta ah ee xooggan^{(strong password)} kaas oo leh qaar ka mid ah sifooyinka soo socda:

1. Ugu yaraan hal xaraf oo waaweyn
2. Ugu yaraan hal lambar
3. Ugu yaraan hal dabeecad gaar ah
4. Eraygu waa inuu ahaadaa ugu yaraan 8-10 xaraf
5. Jilayaasha ASCII, haddii aad rabto.

Inta uu dheer yahay erayga sirta ah, waa intay sii badanaysaa wakhtiga ay qaadanayso in la jabiyo erayga sirta ah. Haddii eraygaaga sirta ah uu yahay shay la mid ah 'PA$$w0rd', waxay qaadan doontaa in ka badan 100 sano in lagu jabiyo abka weerarrada xoogga ah ee hadda la heli karo. Fadlan ha isticmaalin erayga sirta ah ee la soo jeediyay ee tusaalaha ah, maadaama ay aad u fududahay in la jebiyo adigoo isticmaalaya software caqli-gal ah oo ka baxa saaxadda weerarrada xoogga ah.

PassBox-kayaga freeware waa qalab yar oo anfacaya kaas oo xasuusan doona dhammaan furahaaga sirta ah oo xitaa u soo saari doona furaha sirta ah ee akoonkaaga - ama waxaad isticmaali kartaa qaar ka mid ah koronto-dhaliyaha sirta ah ee khadka tooska ah^{(online password generator )} si aad u abuurto ereyo sir ah oo qarsoodi ah. Markaad taas samaysay, ku tijaabi eraygaaga sirta ah ee cusub Microsoft's Password Checker . Hubiyaha sirta^{(Password Checker)} ah ayaa qiimeeya xoogga eraygaaga sirta ah marka aad wax qorayso.

Akhriso la xidhiidha^{(Related read)} : Waa maxay Weerarka lagu buufiyo Password^{(Password Spray Attack)} -ka ?

Haddii aad isticmaalayso software website WordPress , ka dibna waxaa sidoo kale jira plugins ammaanka WordPress oo badan oo si toos ah u xannibi weerarrada xoogga caayaan. Isticmaalka dab-damiska shabakada sida Sucuri ama Cloudflare waa ikhtiyaar kale oo aad tixgelin karto. Hal dariiqo oo lagu xannibo weerarrada xoogga ah waa in la xidho akoonnada ka dib tiro qeexan oo isku dayo sirta ah oo fashilmay. The Limit Logins^{(Limit Logins WordPress)} plugin WordPress wuxuu u fiican yahay joojinta weerarrada xoogga ah ee balooggaaga. Tallaabooyinka kale waxaa ka mid ah u oggolaanshaha ka soo gelida kaliya ee cinwaannada IP-da, beddelidda URL^(URLs) -yada gelitaanka caadiga ah wax kale, iyo adeegsiga Captcha's si loo adkeeyo amniga bloggaaga WordPress^{(harden your WordPress blog security)} .

Akhri soo socda^{(Read next)} : Sida loo xakameeyo Weerrarada Xoogagga Khaaska ah ee Windows Server .

Brute Force Attacks - Definition and Prevention

There are mаny methods hackers use to get into a cоmpυter, computer network, a website or online service. Carrying oυt a Brute Force Attack is one of them. It is one of the simplest, yet time-consuming method to hack a server or a normal computer. The Brute force attack mechanism has its advantages – it can also be used to check network security and to recover forgotten passwords. In this post, we will try and understand Brute Force Attack definition and see the basic prevention method.

Brute Force Attacks

A Brute Force Attack is a type of Cyber Attack, where you have a software spinning up different characters to create a possible password combination. The Brute Force Attack password cracker software simply uses all possible combinations to figure out passwords for a computer or a network server. It is simple and does not employ any intelligent techniques. Since it is math-based, it takes less time to crack a password using brute force applications rather than figuring them out manually. I said math-based because computers are good at math and perform such calculations in split seconds compared to human brains, which take longer to create combinations.

Brute Force Attack is good or bad depending upon the person using it. It could be a cybercriminal trying to hack into a network server or it could be a network admin trying to see how secure his or her network is. Some computer users also use brute force apps to recover forgotten passwords.

Speed of computing & passwords matter during Brute Force Attacks

If you are using all lower letters and no special characters or digits, it might be a work of just 2-10 minutes before a brute force attack can crack the password. However, a combination of upper case and lower case letters along with a digit (supposing there are eight digits), will take more than 14-15 years to crack the password.

It also depends upon the speed of the computer processor, as to how long it takes to crack the password of the network or normal login to a Windows standalone computer.

Thus it makes a lot of sense to have strong passwords. To create really strong passwords, you can make use of ASCII characters to create stronger passwords. ASCII characters refer to all the characters available on the keyboard and more (you can see them by pressing ALT+numbers (0-255) on Numpad). There are some 255 ASCII characters and each one has a code that is read by machine and converted to binary (0 or 1) so that it can be used with computers. For example, the ASCII code for “space” is 32. When you enter a space, the computer reads it as 32 and converts it into binary – which would be 10000. These 1, 0, 0, 0, 0, 0 are stored as ON, OFF, OFF, OFF, OFF, OFF in the computer’s memory (that is made of electronic switches). This has nothing to do with brute force except that in case of use of all ASCII characters if you use special characters in the password, the total time taken to crack the password could run above 100 years or so. I spoke about ASCII for people who do not know how characters are stored in the computer’s memory.

Here is a link to a Brute Force Password Calculator, where you can check out how long it will take to crack a password. There are different options given that include lower case letters, upper case letters, digits, and all ASCII characters. Based on what you used in your password, select the options and click on calculate to see how difficult it would be for a Brute force attack to compromise your computer or server.

Brute Force Attack Prevention & Protection

Since no special logic is applied in brute force attacks except for trying out different combinations of characters used for the creation of a password, prevention on a very basic level, is relatively easy.

Apart from using a fully updated Windows operating system and security software, you should use a strong password that has some of the following characteristics:

1. At least one upper case letter
2. At least one digit
3. At least one special character
4. The password should be a minimum of 8-10 characters
5. ASCII characters, if you wish.

The lengthier a password is, the more time it will take to crack the password. If your password is something like ‘PA$$w0rd”, it will take more than a 100 years to crack it with currently available brute force attack apps. Please do not use the suggested password in the example, as it is very easy to break it using some intelligent software that falls out of the realm of brute force attacks.

Our freeware PassBox is a handy little tool that will remember all your passwords and even generate strong passwords for your account – or you could use some free online password generator to create strong passwords anonymously. Having done that, test your new password with Microsoft’s Password Checker. The Password Checker evaluates your password’s strength as you type.

Related read: What is a Password Spray Attack?

If you are using WordPress website software, then there are also many WordPress security plugins that automatically block brute force attacks. Using a web firewall like Sucuri or Cloudflare is another option you can consider.  One way to block brute-force attacks is to lock out accounts after a defined number of failed password attempts. The Limit Logins WordPress plugin is good for stopping brute force attacks on your blog. Other measures include allowing logins from only select IP addresses, changing default login URLs to something else, and using Captcha’s to harden your WordPress blog security.

Read next: How to block Brute Force Attacks on Windows Server.

Related posts

• DDoS Qaybsan Diidmada Adeegga Weerarada: Ilaalinta, Ka Hortagga

• Ku qas Internet Explorer inuu soo celiyo fadhigii ugu dambeeyay ee wax raadinta

• Arag, kaabi, oo tirtir furaha la kaydiyay ee Internet Explorer

• Dami Internet Explorer 11 sidii biraawsar u taagan oo kali ah addoo isticmaalaya Siyaasadda Kooxda

• Sida loo hubiyo in ciwaanka IP-gaagu uu soo daadanayo

• Xawaaraha Kooxda ee Firefox: Goobaha Internetka ee Muhiimka ah ee Fartaada ku yaal

• Sida loo sameeyo isku xirka internetka Windows 11/10

• Hubi haddii ku xidhidhiyahaaga intarneetku uu awood u leeyahay in uu daawado nuxurka 4K

• Edge iyo Store apps aan ku xidhnayn internetka - Khaladka 80072EFD

• Ethernet waxay sii wadaa goynta gudaha Windows 11/10

• Sida loo joojiyo xayaysiisyada Google-ka inay igala socdaan internetka

• Kala soco xidhiidhkaaga intarneed iyo mareegahaaga OverSite

• Tilmaamaha DNS: U wanaaji isku xirka internetkaaga xawaaraha

• Dib u eegis Yandex DNS: Degdeg badan, Internet ka ammaansan oo leh kontaroolo

• Si degdeg ah uga haajiro Internet Explorer una guurto Edge adigoo isticmaalaya qalabkan

• Sida loo ogaado ama loo hubiyo halka isku xidhka ama URL loo jiheeyo

• Wi-Fi vs Ethernet: keebaa isticmaaleysaa?

• Internet Explorer shil ay sabab u tahay ertutil.dll on Windows 10

• Sida loogu daro goob la aamini karo gudaha Windows 11/10

• Dejinta ammaanka hadda ma oggola in faylkan la soo dejiyo