Ever heard of counting attempts? Log the IP, present a CAPTCHA after 100 requests in a minute.
Besides, if I wrote a bot I would run a browser dialer from Chrome. It would request your site in a Chrome tab and appear completely legitimate to your stupid fingerprinting scripts
Ever heard of counting attempts? Log the IP, present a CAPTCHA after 100 requests in a minute.
Ever heard of IP rotation?
This is one malicious source rotating through IPs over the course of 24 hours. They’re attempting to credential stuff my logins ( on a production service ).
Ever heard of counting attempts? Log the IP, present a CAPTCHA after 100 requests in a minute.
Besides, if I wrote a bot I would run a browser dialer from Chrome. It would request your site in a Chrome tab and appear completely legitimate to your stupid fingerprinting scripts
Yes, the industry is well aware of this. We do behavioral detection on both sessions and IPs. This is fairly basic.
Ever heard of IP rotation? This is one malicious source rotating through IPs over the course of 24 hours. They’re attempting to credential stuff my logins ( on a production service ).