Brute force prevention

Below is a list of actions have been implemented to prevent brute force attacks on the platform.

1Account LockoutsAfter a specific number of consecutive failed login attempts, we lock the account for a set period or until manual intervention.
2Rate LimitingWe have defined thresholds for how many requests can be made to specific URLs or by specific IPs within a time window. If the limit is exceeded, the requester receives a 429 error (Too Many Requests).
3Bot ManagementWe use machine learning to detect and mitigate bot traffic, which is especially useful for preventing automated brute force attacks
4Strong Password PoliciesWe ensure that users have strong, unique passwords.See our password policy
5Secure application infrastrcutureWe use Web Application Firewalls (WAFs) to identify and block malicious traffic.
We regularly update and patch all software components to ensure they are protected against known vulnerabilities.
6Blacklist known malicious IPsWe use threat intelligence feeds or services to get lists of known malicious IPs and block them.
7Geographic restrictionsAs our service is tailored to specific regions, we are blocking or adding additional verification steps for requests coming from unusual geographic locations.
8Browser integrity checkThis feature checks for suspicious patterns and behaviors in the HTTP headers to ensure the request is coming from a legitimate user browser.
9User agent blockingWe are blocking requests from specific user-agents that may be sources of malicious traffic.
10Use HTTPSAll data transmitted between the client and server is encrypted using HTTPS. This helps in preventing man-in-the-middle attacks. We use TLS 1.3 which the latest and most secure version.
11Regular audits and penetration testingWe periodically conduct security audits and penetration testing to identify vulnerabilities in our application.

While the above list highlights some of our primary security measures, it is by no means exhaustive. In our ongoing commitment to safeguarding our system, we will persistently evaluate, update, and implement new security features to counteract potential malicious attacks.