Well, there are a lot of programs out there for brute force hacking, IRIS and Brute are among favorites. But it is a server that you have to configure really, so it does not allow itself to get hacked (sorry that's an oxymoron). You see, there are security holes that can be exploited pretty much everywhere, and the safest computer one that is strapped of it's components and burried in the middle of the desert a few thousand feet under the ground in a airless air-tight plastic container with a 10 kilotonn nuke that detonates at any sign of change.
But anyways, make sure that you have good data validation, good logging, string length checks everywhere, and as little room for a possible custeomer mistake as possible. Hey you can set up a system where after say 10 login tries, an admin finds out about it by any means.
Also, make sure that whatever server you are using, is configured and updated propperly, so none of at least newbie to intermediate hackers can get in.