Brute force, or password guessing, attacks are very common against websites and web servers. They are one of the most common vectors used to compromise websites. The process is very simple and the attackers basically try multiple combinations of usernames and passwords until they find one that works.