In cryptography, a brute force attack or exhaustive key search is a strategy that can in theory be used against any encrypted data by an attacker who is unable to take advantage of any weakness in an encryption system that would otherwise make his task easier. It involves systematically checking all possible keys until the correct key is found. This is a quite common technique that basically probes various combinations of username and passwords in order to enter the site. The general reason for doing this is to obtain access to the platform and then use it for generating spam or for harvesting user information.

Moodle has no active protection against such attacks other than strong password policies. However, administrators or teachers can be notified for all cases of failed logon attempts. To configure these notifications, visit the Administration | Security | Notifications page and configure it like this: