Using Honey Pages to Stop A DDoS / Credential Stuf

Sep 11, 2021

DDoS and Credential Stuffing are among the most common forms of attack against your website. While DDoS attacks continuously evolve to become even more distributed and sophisticated, they still often target just a single page, or series of pages that the criminal enters by hand into a script. Similarly, Credential Stuffing is always targeted at your login page. While it's easy to see what page the criminal is attacking using Turnstil's Dashboard or Traffic Monitor, it's much harder to block the hundreds or even thousands of IP's / Spoofed User Agents hitting your website page. 

Because these attacks target a single endpoint on your website, they are trivial to defeat using Turnstil.Cloud. Here's how to do it:

1. Enable Honey Pages™ in the Turnstil.Cloud App.

2. Copy the path from your website and enter it into the Honey Page URL text field.

3. Choose a Response.  We recommend the "Challenge" Response, which gives legitimate website users an opportunity to bypass Turnstil.Cloud and enter your website. Because DDoS and Credential Stuffing are automated bot attacks that typically can't pass the captcha challenge, the "Challenge" Response is usually good enough to end the attack.

4. Click "Add Page" to submit the Honey Page. Advanced gating will instantly start on your website.

5. Return to Turnstil.Cloud's Dashboard to watch the attack. IPs are blocked from hitting your website and requests to your server drop back to normal levels.

6. When the attack ends, Delete the Honey Page™ rule.

Using Honey Pages, a crippling DDoS or credential stuffing attack can be defeated in just seconds. And because Turnstil.Cloud gates traffic BEFORE it hits your web server, you can log into Turnstil.Cloud to stop an attack even if your website is currently down. With the attack thwarted, your server will usually work through the remaining que’ed requests and come back online - no server restart required (although you should always check your database to make sure everything is functioning as it should after an attack).

Honey Pages™ are a great tool in your cybersecurity arsenal. They are essential for stopping DDoS and Credential Stuffing Attacks, but also hold a lot of utility for ending vulnerability scans of your website. We’ll tell you more in the next article about using Honey Pages™.