Stopping A Credential Stuffing Attack

Jan 9, 2022

Easily perpetrated with off-the-shelf code you can quickly find on the dark web, credential stuffing attacks can do a surprising amount of damage to your company. Fortunately, credential stuffing attacks are some of the easiest attacks to defend against using Turnstil.Cloud.

Because credential stuffing attacks are bot-driven and the bots don't load JavaScript, Google Analytics won't tell you you're under attack. Without Turnstil.Cloud, the only way you know a credential stuffing attack is even happening is by the slowdown, or even the crash, of your web server. With Turnstil.Cloud, you can watch the attack in real time, and even be notified when an attack occurs.

Credential stuffing attacks often take the form of a brute force attack, because criminals want to hit your website hard, break through the door, and take what they are coming for, all before you even notice. The greedy nature of the attacks means they can easily overwhelm your web server, slowing down your website or even knocking it offline (and to be honest, nothing makes these attacks more rewarding for the criminal than shutting down your website).

Due to the very nature of the attack (targeted at a single entry point to your website - the Login page), Credential Stuffing attacks are trivial for Turnstil.Cloud to stop. Here’s how:

Create a Honey Page for your website Login URL, and set up a challenge or block action. We suggest you start with the challenge option so you don’t block legitimate website users. 

Within minutes, every computer in the attackers' botnet will be blocked and the credential stuffing attack stops. As an additional bonus, their bot network has now exposed itself to your website and has been banned, which means they can't attack you again from those computers in the near future.
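
The two signals described above (repeated hits on the single login URL, from clients that never load JavaScript) can also be read straight from a web server access log. The following is an added example, not Turnstil.Cloud's code or API; the login path, the threshold, the log format and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

LOGIN_PATH = "/login"   # assumption: the site's login URL
POST_THRESHOLD = 3      # assumption: login POSTs in the window before acting

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jan/2022:10:00:01 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [09/Jan/2022:10:00:01 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [09/Jan/2022:10:00:02 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [09/Jan/2022:10:00:02 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.20 - - [09/Jan/2022:10:00:03 +0000] "GET /login HTTP/1.1" 200 4096
198.51.100.20 - - [09/Jan/2022:10:00:03 +0000] "GET /static/app.js HTTP/1.1" 200 9000
198.51.100.20 - - [09/Jan/2022:10:00:09 +0000] "POST /login HTTP/1.1" 200 128
192.0.2.44 - - [09/Jan/2022:10:01:00 +0000] "GET /login HTTP/1.1" 200 4096
192.0.2.44 - - [09/Jan/2022:10:01:00 +0000] "GET /static/app.js HTTP/1.1" 200 9000
192.0.2.44 - - [09/Jan/2022:10:01:10 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.44 - - [09/Jan/2022:10:01:20 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.44 - - [09/Jan/2022:10:01:30 +0000] "POST /login HTTP/1.1" 401 512
"""

# client IP, two ignored fields, [timestamp], then "METHOD URL PROTOCOL"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')

def clients_to_challenge(log_text, login_path=LOGIN_PATH, threshold=POST_THRESHOLD):
    """Return client IPs that hammered the login URL without ever fetching a script."""
    posts = defaultdict(int)   # login POSTs per client
    loaded_js = set()          # clients that requested at least one .js asset
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue           # skip malformed lines instead of failing
        ip, method, url = m.groups()
        path = url.split("?", 1)[0]
        if method == "POST" and path == login_path:
            posts[ip] += 1
        elif method == "GET" and path.endswith(".js"):
            loaded_js.add(ip)
    # A person who mistypes a password three times still loaded the page's
    # scripts, so only script-less clients over the threshold are returned.
    return sorted(ip for ip, n in posts.items()
                  if n >= threshold and ip not in loaded_js)

if __name__ == "__main__":
    print(clients_to_challenge(SAMPLE_LOG))
```

In the sample, 192.0.2.44 reaches the threshold but behaves like a browser, which is why a challenge is a safer first action than an outright block.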