In the olden days where brute-forcing actually worked, you’d just pretend you’re a different person.
You’d have a program which basically worked like this:
* You gave it a huge list of passwords to try
* You gave it a huge list of proxy servers to use. Think of a proxy server as another person tasked with giving the site the password attempt
* You told the program “Go tell this site that my password is: xxxxxx, if it fails try another password from the list, if it fails try another, if it fails a 3rd time, use a different proxy (ie tell another person to try three more passwords)”
So the program would pretend to be a different machine, connect, try 3 different passwords, then switch to pretending to be another machine, try 3 more and so on and so forth.
So what the site saw was different people trying 3 different passwords each.
Latest Answers