What’s happening?

Over the past several weeks, our System Administration Team has identified an exponential increase in brute force attacks against Joomla driven websites.
Question |
What is a brute force attack against a Joomla website? |
Answer |
A brute force attack against a Joomla website involves bots repeatedly trying to login to your Joomla /administrator by guessing the username and password. While it’s almost impossible to guess a username and password on the first try, these bots are trying 1000’s of username / password combinations, which is increasing the odds of a successful breach of your website. |
What is InMotion Hosting doing?
When our System Administration Team identified the influx of brute force attempts against Joomla websites, they implemented a security rule on the server to thwart the attacks. With this new security measure in place, bots will no longer be able to guess 1000’s of username / password combinations, they will be stopped at a much lower attempt. This should drop their success rate on attacks to near 0%.
What should I do
While we are preventing most of the brute force attempts against Joomla sites, there may still be bots that are able to repeatedly guess your username and password. You can protect yourself from these bots by:
- Ensuring you are using a secure password
- Adding an additional username / password to your /administrator folder