Hacked By Xanzz 31 is a security research demonstration. Hacked By Xanzz 31 found a brute force vulnerability on unras-bkl.ac.id. No website was actually hacked or defaced. Hacked By Xanzz 31 followed ethical rules.
==============================================
# Hacked By Xanzz 31
# Security Research – Brute Force Case Study
# Target: unras-bkl.ac.id
==============================================
[!] EDUCATIONAL PURPOSE ONLY
[!] No deface, no data theft, no damage
———————————————-
## Hacked By Xanzz 31: Overview
Hacked By Xanzz 31 is not a real deface. Hacked By Xanzz 31 performed a simulated security audit. The goal of Hacked By Xanzz 31 is to show how brute force attacks work. Hacked By Xanzz 31 also wants to help website owners prevent attacks.
Target website: https://unras-bkl.ac.id (Universitas Ratu Samban, Bengkulu)
Date of research: 2026-05-08
Researcher: Hacked By Xanzz 31
Vulnerability type: Brute force (no rate limiting)
Risk level: High if exploited by black hat hackers
———————————————-
## How Hacked By Xanzz 31 Found the Vulnerability
Hacked By Xanzz 31 tested the login panel with only 5 failed attempts. Here is what Hacked By Xanzz 31 observed:
1. No rate limiting – after 5 failed logins, the system still accepted new attempts immediately
2. No CAPTCHA – not even after multiple failures
3. No account lockout – the admin account remained active
4. Informative error messages – the system said “username not found” vs “wrong password”
These 4 issues make the website vulnerable to automated brute force tools. Hacked By Xanzz 31 confirmed these issues without causing any damage.
———————————————-
## What Hacked By Xanzz 31 Did NOT Do
Hacked By Xanzz 31 followed ethical rules. Hacked By Xanzz 31:
– Did NOT guess more than 5 passwords
– Did NOT access any database
– Did NOT change or delete any content
– Did NOT install a backdoor
– Did NOT share real credentials anywhere
This is responsible disclosure from Hacked By Xanzz 31, not cyber crime.
———————————————-
## Table of Contents
1. Overview of Hacked By Xanzz 31 Research
2. How Hacked By Xanzz 31 Found the Vulnerability
3. What Hacked By Xanzz 31 Did NOT Do
4. Potential Impact of Brute Force
5. Technical Proof of Concept by Hacked By Xanzz 31
6. Security Recommendations from Hacked By Xanzz 31
7. External Resources
8. Internal Resources
9. Contact Hacked By Xanzz 31
———————————————-
## Potential Impact (If Black Hat Exploited This)
If a black hat hacker exploited this brute force vulnerability, the impact would be:
1. Admin account takeover within hours
2. Deface page (similar to this post’s style but malicious)
3. Theft of student and lecturer personal data
4. Permanent backdoor installation
5. Website blacklisted by Google
6. Loss of university reputation
This is why Hacked By Xanzz 31 publishes this research. Hacked By Xanzz 31 wants to prevent real attacks before they happen.
———————————————-
## Technical Proof of Concept by Hacked By Xanzz 31
Here is a simulation of how brute force would work according to Hacked By Xanzz 31:
[Attempt 1] POST /login.php → admin:123456 → Failed
[Attempt 2] POST /login.php → admin:password → Failed
[Attempt 3] POST /login.php → admin:admin123 → Failed
[Attempt 4] POST /login.php → admin:qwerty → Failed
[Attempt 5] POST /login.php → admin:letmein → Failed
[Attempt 6] POST /login.php → admin:admin → Success (simulation)
Because there is no rate limiting, an attacker could try millions of passwords per day. Hacked By Xanzz 31 stopped after 5 attempts to remain ethical.
———————————————-
## Security Recommendations from Hacked By Xanzz 31
If you are the administrator of unras-bkl.ac.id, please implement these fixes recommended by Hacked By Xanzz 31:
### Patch #1 – Rate Limiting
Allow only 5 failed attempts per 15 minutes. Hacked By Xanzz 31 suggests using plugins like Limit Login Attempts Reloaded.
### Patch #2 – Google reCAPTCHA v3
Block automated bots. Hacked By Xanzz 31 recommends reCAPTCHA on all login forms.
### Patch #3 – Two Factor Authentication (2FA)
Hacked By Xanzz 31 strongly recommends 2FA for all admin accounts using Google Authenticator.
### Patch #4 – Generic Error Messages
Show “Invalid credentials” only. Hacked By Xanzz 31 found that current error messages leak username existence.
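One way to implement Patch #1 and Patch #4 together, added here as an example and not code from unras-bkl.ac.id or from the Limit Login Attempts Reloaded plugin: failures are counted per username and per client IP in a 15-minute sliding window, and every rejection returns the same message. The `LoginThrottle` class, the in-memory store and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5                       # Patch #1: 5 failed attempts ...
WINDOW_SECONDS = 15 * 60               # ... per 15 minutes
GENERIC_ERROR = "Invalid credentials"  # Patch #4: one message for every failure

def _hash(password: str) -> bytes:
    # Constructed salt; iteration count kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)

# Constructed sample account (assumption), not a real credential.
USERS = {"admin": _hash("constructed-Passphrase-42!")}
_DUMMY = _hash("placeholder for unknown usernames")

class LoginThrottle:
    """Hypothetical in-memory limiter keyed by username and by client IP."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = defaultdict(deque)  # key -> failure timestamps

    def _recent(self, key):
        # Drop failures that have aged out of the sliding window.
        q = self._failures[key]
        cutoff = self._clock() - WINDOW_SECONDS
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def login(self, username, password, client_ip):
        user = username.strip().lower()
        keys = (("user", user), ("ip", client_ip))
        # Unknown usernames are counted too, so throttling reveals nothing
        # about which accounts exist.
        if any(len(self._recent(k)) >= MAX_FAILURES for k in keys):
            return 429, GENERIC_ERROR
        # Always hash and compare, so unknown users cost the same work.
        matches = hmac.compare_digest(USERS.get(user, _DUMMY), _hash(password))
        if matches and user in USERS:
            self._failures.pop(keys[0], None)  # reset the account counter only
            return 200, "OK"
        now = self._clock()
        for k in keys:
            self._failures[k].append(now)
        return 401, GENERIC_ERROR
```

A production deployment would keep the counters in a shared store and bound their size. Because an attacker can keep a known account throttled, per-username throttling works best alongside 2FA rather than as a permanent lockout.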
### Patch #5 – Strong Password Policy
Minimum 12 characters with uppercase, numbers, symbols. Hacked By Xanzz 31 suggests enforcing this via WordPress.
### Patch #6 – Fail2ban or WAF
Monitor and block suspicious IPs. Hacked By Xanzz 31 recommends Cloudflare or Sucuri.
———————————————-
## External Resources
Hacked By Xanzz 31 recommends reading these external resources:
– OWASP Brute Force Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
– NIST Password Guidelines: https://pages.nist.gov/800-63-3/sp800-63b.html
– Wordfence Security Blog: https://www.wordfence.com/blog/
———————————————-
## Internal Resources
Hacked By Xanzz 31 also recommends the following articles from this blog:
– How to Protect a Website from Brute Force
– Ethical Hacking 101 for Beginners
– The 10 Most Common Security Holes in Indonesian Websites
———————————————-
## Greetings from Hacked By Xanzz 31
Hacked By Xanzz 31 thanks:
– All Indonesian ethical hackers
– The white hat cybersecurity community
– Universitas Ratu Samban (hopefully it fixes its security soon)
Message from Hacked By Xanzz 31 to black hats: Do not cause damage. Just report responsibly.
———————————————-
## Contact Hacked By Xanzz 31
If you are the owner or administrator of unras-bkl.ac.id:
Email: [email protected]
Hacked By Xanzz 31 is ready to help with free security consulting.
———————————————-
## Disclaimer
Hacked By Xanzz 31 states that this article is a cybersecurity SIMULATION for educational purposes. No website was actually hacked or damaged by Hacked By Xanzz 31. The author (Hacked By Xanzz 31) is not responsible for misuse of this information.
———————————————-
## Final Message from Hacked By Xanzz 31
Hacked By Xanzz 31 stands for security, not destruction.
> “Security is not a product, it’s a process.” – Bruce Schneier
Stay safe. Stay ethical. Patch your systems.
———————————————-
>> Hacked By Xanzz 31
>> 2026-05-08
>> #Peace #CyberSafe

