Friend and simple
A brute force attack is nothing more than a bot or a network of bots (robots) that tries, by "trial and error", to hit your password. Once it gets access, it captures your password and comes back later through a hack, in a way through the front door of your site.
How to protect yourself: create and change strong passwords often, containing at least 8 characters, upper and lower case letters, numbers and special characters (!@#$%ˆ&*), and do not use words that are known or easy to discover, even if they are totally random.
Keep your computer (especially if it runs Windows, in any version) clean and free of viruses, with frequent checks using a good antivirus (a free antivirus doesn't always solve it).
Never, ever save passwords on your computer or ask the browser to save them for future access.
Keylogger: (or keystroke logger), although often understood as spyware, is a computer program whose purpose is to record everything that is typed on a keyboard, most often aiming to capture passwords, credit card numbers and other important information. It works the way viruses typically do, as it is installed and acts without the user noticing its presence.
How to protect yourself: Maintaining an up-to-date antivirus is critical, even more so today when we are almost all connected to the internet, downloading files, exchanging music, videos and testing programs and games.
SQL Injection: is an attack consisting of inserting (known as an injection) a query via a web application. Locaweb always takes every precaution regarding updates to avoid any security breaches on the websites hosted.
However, sometimes vulnerabilities arise that are exploited through programming, against which the precautions we take are of no use.
Such vulnerabilities are present in code (ASP, PHP, etc.) placed by the clients themselves. This is the case with "SQL Injection", a loophole through which an attacker can execute arbitrary queries or statements on a relational database via "injection" of commands into form fields.
How to protect yourself: Using the addslashes() function has the same effect as enabling Magic Quotes, but only applies where convenient. What it does is put an escape character before single or double quotes, before the backslash and the NULL character.
Using 'Prepared statements' instead of the SQL code itself assigning all other prevention measures to use this, would give us more performance and security, besides being simpler to read and write. However, it can only be used in SELECT, INSERT, UPDATE, REPLACE, DELETE and CREATE TABLE.
$login = $_GET['login'];
$query = "SELECT * FROM records WHERE login = '$login'";
It would look like this:
$query = "SELECT * FROM records WHERE login = OR 1";
Rubber hose cryptanalysis: In cryptography, rubber hose cryptanalysis is the extortion of cryptographic secrets (e.g., the password to an encrypted file) from a person by coercion or torture,[1] [2] in contrast to a mathematical or technical cryptanalysis attack. The euphemism refers to striking someone with a rubber hose until they cooperate.
How to protect yourself: Training users for any kind of torture.
I’ve read several stories about these 4 types of problems, but I need to understand them better. If anyone can help me, I would appreciate it.
– Tiago
Related: How an SQL Injection Happens
– Wallace Maxters
Related: What is PHP Injection and what is the difference between it and SQL Injection?
– Wallace Maxters
It’s good to read the content already present on the site, so you can honor those who have endeavored to bring the content in the sense that you are looking for.
– Wallace Maxters
Wouldn’t it be better to create a separate question for each type of attack? Renan’s answer summarizes well, but some things could be much more detailed (there is much to be said about brute force attacks, for example), and you can’t do this with "4 questions in 1"...
– mgibsonbr
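The string-built query from the question next to a prepared statement, as an added example that is not part of the original question or its comments. It assumes PHP with the pdo_sqlite extension; the table contents, the function names and the sample input are constructed for illustration.

```php
<?php
// Added example: assumes the pdo_sqlite extension; all data below is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE records (login TEXT, secret TEXT)");
$pdo->exec("INSERT INTO records VALUES ('alice', 'a-secret'), ('bob', 'b-secret')");

// Vulnerable: the value is pasted into the SQL text, as in the question's snippet.
// A quote inside $login ends the string literal and the rest is parsed as SQL.
function findConcatenated(PDO $pdo, string $login): array
{
    $query = "SELECT * FROM records WHERE login = '$login'";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed and the value travels separately as a bound
// parameter, so it is always compared as data and never parsed as SQL.
function findPrepared(PDO $pdo, string $login): array
{
    $stmt = $pdo->prepare("SELECT * FROM records WHERE login = :login");
    $stmt->execute([':login' => $login]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary login and one that rewrites the WHERE clause
// into: login = '' OR '1'='1'
$inputs = ['alice', "' OR '1'='1"];

foreach ($inputs as $login) {
    printf(
        "%-14s concatenated: %d row(s)   prepared: %d row(s)\n",
        $login,
        count(findConcatenated($pdo, $login)),
        count(findPrepared($pdo, $login))
    );
}
```

For the ordinary login both functions return the single matching row. For the second input the concatenated query returns every row in the table, while the prepared statement returns none because no login equals that literal string.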