They avoid getting banned by avoid being detected. If you run a server that has 1000 users online at any given time, determining that 1 out of those 1,000 is a hacker can be very hard.
It’s a bit like asking, “how do you stop shoplifters from getting into a shopping mall?”. It’s impossible to tell a shoplifter apart from a legitimate customer, and even if you have that person on file for previously shoplifting, detecting them out of the thousands of other customers you have is very, very hard.
There are a lot of possible answers:
1. Sometimes they do get banned, and must deal with it
2. Sometimes they already have correct username and password combinations, and hence get in on their first try. This is why you don’t share your password with anyone and why you use different passwords for each site.
3. Sometimes they get banned, and need to use a service like a VPN to seem like a different user and keep trying
4. Sometimes the victim doesn’t have a very good security policy and doesn’t ban repeated offenders.
Of course this assumes the hacker is trying to go in through the front door. Often they try the back door, which has no ban system and should not be publicly exposed at all. This is why you can hire a hacker and ask them to try to break into your system to find the stuff you don’t realize is there.
Latest Answers