This tiny tutorial is brought to you by moneycodeking. If you're a guest or regular lurker be sure to signup to participate and be part of our informative community!
Hacker's mindset | Play along..
Generally speaking when so called 'hackers' or script kiddies try breaking through a particular login authentication system they first try doing it manually to see what type protection you have in place and guess how your system works by reading error messages to determine what type of attack to launch on that particular machine. Whether social engineering would be appropriate, or trying to find logical problem would be a better idea or simply executing a brute force attack.
Brute force attack
For those who do not know brute force a term for program that makes quick guesses. If a script kiddie visits your website and starts playing with login system, inserts wrong password, does it again and again. Eventually he will realize that there no protection against simple brute-force attack on your website and decide to launch brutus and brute force attack.
Lets backup a bit, what if the attacker visits your site, plays around and hits the login with wrong password and sees this message 'Our system will block your account after certain failed attempts' chances are he will just move on.. Even though there really is no back-end protection you just told him not to waste time and to go try hacking some other website.
Source: http://moneycodeking.com/showthread.php?tid=30
