Stopping A Credential Stuffing Attack
Jan 9, 2022
Easily perpetrated with off-the-shelf code you can quickly find on the dark web, credential stuffing attacks can do a surprising amount of damage to your company. Fortunately, credential stuffing attacks are some of the easiest attacks to defend against using Turnstil.Cloud.
Credential stuffing attacks often take the form of a brute-force attack, because criminals want to hit your website hard, break through the door, and take what they are coming for - all before you even notice. The greedy nature of the attacks means they can easily overwhelm your web server, slowing down your website or even knocking it offline (and to be honest, nothing makes these attacks more rewarding for the criminal than shutting down your website).
Due to the very nature of the attack (targeted at a single entry point to your website - the Login page), Credential Stuffing attacks are trivial for Turnstil.Cloud to stop. Here’s how:
Create a Honey Page for your website Login URL, and set up a challenge or block action. We suggest you start with the challenge option so you don’t block legitimate website users.
Within minutes, every computer in the attackers' botnet will be blocked and the credential stuffing attack stops. As an additional bonus, the bot network has now exposed itself to your website and has been banned, which means the attackers can't attack you again from those computers in the near future.
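The challenge-first, then-block escalation on a login URL can be illustrated with the added example below, which is not Turnstil.Cloud's code or configuration. The login path, window, thresholds and sample events are all assumptions; it counts distinct usernames that fail from one IP, so a single user retrying their own password is not flagged.

```python
from collections import defaultdict, deque

LOGIN_PATH = "/login"   # assumed login URL being protected
WINDOW_SECONDS = 60     # assumed sliding window
CHALLENGE_AT = 3        # assumed: distinct failed usernames per IP before a challenge
BLOCK_AT = 6            # assumed: distinct failed usernames per IP before a block


def classify(events):
    """events: (ts, ip, path, username, ok) tuples in time order.

    Returns {ip: strongest action reached}; IPs below the thresholds are absent.
    """
    recent = defaultdict(deque)  # ip -> failed (ts, username) pairs inside the window
    actions = {}
    for ts, ip, path, user, ok in events:
        if path != LOGIN_PATH or ok:
            continue  # only failed attempts on the login URL count
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()  # drop failures older than the window
        distinct = len({u for _, u in q})
        if distinct >= BLOCK_AT:
            actions[ip] = "block"
        elif distinct >= CHALLENGE_AT and actions.get(ip) != "block":
            actions[ip] = "challenge"  # start soft so real users are not locked out
    return actions


# Constructed sample events (documentation-range IPs, invented usernames).
SAMPLE = sorted(
    # Bot: 8 different usernames in 8 seconds.
    [(i, "203.0.113.7", "/login", f"user{i}", False) for i in range(8)]
    # Real user: same username mistyped 5 times, then a success.
    + [(10 + i * 5, "198.51.100.4", "/login", "alice", False) for i in range(5)]
    + [(40, "198.51.100.4", "/login", "alice", True)]
    # Slower bot: 4 different usernames, enough for a challenge only.
    + [(i * 2, "192.0.2.9", "/login", f"acct{i}", False) for i in range(4)],
    key=lambda e: e[0],
)

if __name__ == "__main__":
    for ip, action in classify(SAMPLE).items():
        print(ip, action)
```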