Kevin Day wrote:
The attacks we see now are... well orchestrated. 10-50,000 proxy servers all making login attempts at once, rather slowly. 10-50 login attempts per second, each from a different proxy. Still slow enough per IP that it doesn't hit our threshold for how many bad logins per IP per hour we allow, but enough attempts that just by trying seemingly random username/password combinations they get a couple of successes a day. We've also seen people trying what appear to be known good username/password combos that were presumably acquired from other sites that were compromised in some way.
But, in turn, there are at least two distinct aims here;

1. Authorised access; people want free porn.
2. DoS; people object (either "on principle" or by competitors) to the service you provide, so they want to deny access to others or make it too expensive to run.

Defending against one usually makes the other easier :(

Peter
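An added example, not part of the thread: detection logic that contrasts the per-IP hourly threshold Kevin describes with a site-wide sliding-window check that counts failed logins across all sources. The thresholds, event format, function names and sample events are assumptions constructed for illustration.

```python
from collections import Counter, deque

# All thresholds are assumed values for illustration, not from the thread.
PER_IP_LIMIT = 20       # failed logins tolerated per IP per clock hour
WINDOW = 60             # seconds in the site-wide sliding window
GLOBAL_FAILS = 300      # site-wide failures per window considered abnormal
MIN_DISTINCT_IPS = 200  # "many sources, few attempts each"

def per_ip_offenders(events, limit=PER_IP_LIMIT):
    """IPs that exceed the per-IP failed-login limit within any clock hour."""
    fails = Counter((ip, ts // 3600) for ts, ip, _user, ok in events if not ok)
    return {ip for (ip, _hour), n in fails.items() if n > limit}

def distributed_alerts(events, window=WINDOW, min_fails=GLOBAL_FAILS,
                       min_ips=MIN_DISTINCT_IPS):
    """Seconds at which failures in the window are high AND spread over many IPs."""
    recent, per_ip, alerts = deque(), Counter(), []
    for ts, ip, _user, ok in sorted(events):
        if ok:
            continue
        recent.append((ts, ip))
        per_ip[ip] += 1
        # Drop failures that have aged out of the window.
        while recent[0][0] <= ts - window:
            _old_ts, old_ip = recent.popleft()
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]
        if len(recent) >= min_fails and len(per_ip) >= min_ips:
            if not alerts or alerts[-1] != ts:
                alerts.append(ts)
    return alerts

def sample_events():
    """Constructed events: (unix_ts, source_ip, username, success)."""
    events = []
    # One noisy source: 30 failures in five minutes (the per-IP rule catches it).
    for i in range(30):
        events.append((i * 10, "192.0.2.10", f"user{i}", False))
    # Distributed run: 20 attempts/second for 60 s, every attempt from a new IP.
    for i in range(1200):
        events.append((1000 + i // 20, f"10.0.{i // 256}.{i % 256}", f"guess{i}", False))
    return events

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP offenders:", per_ip_offenders(ev))
    print("first distributed alert at t =", distributed_alerts(ev)[0])
```

The per-IP rule flags only the single noisy source, while the site-wide check fires 15 seconds into the distributed run even though no individual proxy made more than one attempt.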