• iopq@lemmy.world · 3 up / 6 down · 16 hours ago

    Ever heard of counting attempts? Log the IP, present a CAPTCHA after 100 requests in a minute.

    Besides, if I wrote a bot I would run a browser dialer from Chrome. It would request your site in a Chrome tab and appear completely legitimate to your stupid fingerprinting scripts.

    • Saik0@lemmy.saik0.com · 13 up · 13 hours ago

      > Ever heard of counting attempts? Log the IP, present a CAPTCHA after 100 requests in a minute.

      Ever heard of IP rotation? This is one malicious source rotating through IPs over the course of 24 hours. They’re attempting to credential stuff my logins (on a production service).

    • SerotoninSwells@lemmy.world · 7 up · 16 hours ago

      Yes, the industry is well aware of this. We do behavioral detection on both sessions and IPs. This is fairly basic.

      • iopq@lemmy.world · 1 up · 49 minutes ago

        Yeah, it’s fine as long as you don’t block legitimate users. For example, when I use a VPN a lot of sites block me. Even when my actual IP is banned when I’m in China (4chan range bans Chinese IPs) or the website is blocked in China.
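
The three points argued above (a per-IP counter with a CAPTCHA after 100 requests a minute, an attacker rotating through many IPs to stay under it, and the false positives for legitimate users behind a shared VPN exit) as an added example. This is not code from the thread or from any poster's service: the 100-per-minute figure is the one proposed in the thread, while the per-session and site-wide failure counters, their thresholds, the session names and the TEST-NET IP addresses are assumptions constructed for the demonstration, and they are only one way of doing the "behavioral detection on sessions and IPs" mentioned, not a description of any particular vendor's logic.

```python
"""Sliding-window login defense: per-IP counting, per-session failures, global failure rate.

Added example, not code from the thread. The 100-requests-per-minute figure is the
one proposed in the thread; every other threshold, IP and session name is assumed.
"""
from collections import defaultdict, deque

WINDOW = 60.0                # seconds: the "in a minute" from the thread
PER_IP_LIMIT = 100           # the thread's "CAPTCHA after 100 requests in a minute"
PER_SESSION_FAIL_LIMIT = 20  # assumed: failed logins allowed per session cookie per window
GLOBAL_FAIL_LIMIT = 200      # assumed: site-wide failed logins per window before CAPTCHA for all


class SlidingWindow:
    """Count events per key inside a trailing time window."""

    def __init__(self, window):
        self.window = window
        self.events = defaultdict(deque)

    def hit(self, key, now):
        q = self.events[key]
        q.append(now)
        # Drop timestamps that have fallen out of the window (events arrive time-ordered).
        while q[0] <= now - self.window:
            q.popleft()
        return len(q)


class LoginGuard:
    """Decide which CAPTCHA triggers fire for one login attempt."""

    def __init__(self):
        self.per_ip = SlidingWindow(WINDOW)
        self.per_session = SlidingWindow(WINDOW)
        self.global_fail = SlidingWindow(WINDOW)

    def evaluate(self, now, ip, session, failed):
        reasons = []
        # 1. The thread's proposal: count every request per source IP.
        if self.per_ip.hit(ip, now) > PER_IP_LIMIT:
            reasons.append("ip")
        if failed:
            # 2. Count failures per session cookie; a client sending no cookie is
            #    keyed by its IP, so for it this degrades to the per-IP rule.
            key = session if session else f"nocookie:{ip}"
            if self.per_session.hit(key, now) > PER_SESSION_FAIL_LIMIT:
                reasons.append("session")
            # 3. Site-wide failed-login rate, independent of who is sending.
            if self.global_fail.hit("*", now) > GLOBAL_FAIL_LIMIT:
                reasons.append("global")
        return reasons


def first_triggers(attempts):
    """Run constructed attempts through a fresh guard; return {reason: 1-based attempt no.}."""
    guard = LoginGuard()
    first = {}
    for n, (now, ip, session, failed) in enumerate(attempts, start=1):
        for reason in guard.evaluate(now, ip, session, failed):
            first.setdefault(reason, n)
    return first


def rotating_stuffer(total=300, ips=24, per_second=5, session="bot-cookie-jar"):
    """Credential stuffing from `ips` rotating addresses: 300 failed logins in one minute.

    With the default session the bot keeps one cookie jar across IPs (a driven
    Chrome tab, as the thread suggests); pass session=None for a cookie-less bot.
    """
    return first_triggers(
        (i / per_second, f"203.0.113.{i % ips}", session, True)  # TEST-NET-3, constructed
        for i in range(total)
    )


def shared_vpn_exit(users=120):
    """120 legitimate users behind one VPN exit, each logging in successfully once."""
    return first_triggers(
        (i * 0.4, "198.51.100.7", f"user-{i}", False)  # TEST-NET-2, constructed
        for i in range(users)
    )


def legit_retry():
    """One user mistyping a password three times from a home IP."""
    return first_triggers(
        (t, "192.0.2.10", "alice-cookie", True) for t in (0.0, 4.0, 9.0)
    )
```

Running the scenarios shows the shape of the argument: the rotating bot never exceeds 13 requests from any single IP, so the per-IP rule alone fires nothing; the per-session counter catches it on the 21st failure if it keeps a cookie jar, and the site-wide failure counter catches it on the 201st failure even when it sends no cookies at all. The cost is the last poster's complaint in reverse: 120 honest users logging in through one VPN exit trip the per-IP rule at the 101st request, which is why the per-IP counter should gate a CAPTCHA rather than a block, and why the thresholds here are labelled as assumptions to be tuned against real traffic.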