A brute force attack is just a trial and error process, that runs repeatedly to obtain the correct username and password information. An automated software is being used in this process which does not decrypt the information but just continue trying with set of words and letters.. Millions of IP’s and huge number of computers are involved in this process to check different username and password combinations and avoid triggering multiple attempt limits.
Just to illustrate the amplitude of this kind of attack over Joomla sites, here are some raw figures published by Sucuri, a popular online security service related to the Joomla sites protected by their services:
- December 2012: 678,519 login attempts blocked.
- January 2013: 1,252,308 login attempts blocked.
- February 2013: 1,034,323 login attempts blocked.
- March 2013: 950,389 login attempts blocked.
- April 2013: 774,104 login attempts blocked for the first 10 days.