Welcome to WebmasterWorld Guest from 22.214.171.124
Forum Moderators: phranque
Audit your own passwords. Even without access to a account users can be auditing your passwords for you, there are enough applications out there the brute force attack to find working accounts.
they decrypt the .htaccess/.htpasswd files?
Just to clear things up on the subject of .htpasswd; remember that you cannot "decrypt" entries in .htpasswd since they are only one-way hash values, not encrypted passwords.
Instead; as EliteWeb is referring to, "hackers" (or more correctly "crackers") perform a dictionary attack on entries in .htpasswd by comparing the hashed values of thousands of known passwords with those in your .htpasswd file.
Mmmm Makes me wonder, if you gain entry to a system your a hacker. But when you crack passwords is your hacker title removed or do you become a hacker/cracker? ;)
(Note I'm not a UNIX guru, so I may not have explained this well.)