Brute force prevention
Below is a list of actions have been implemented to prevent brute force attacks on the platform.
| Id | Action | Description |
|---|---|---|
| 1 | Account Lockouts | After a specific number of consecutive failed login attempts, we lock the account for a set period or until manual intervention. |
| 2 | Rate Limiting | We have defined thresholds for how many requests can be made to specific URLs or by specific IPs within a time window. If the limit is exceeded, the requester receives a 429 error (Too Many Requests). |
| 3 | Bot Management | We use machine learning to detect and mitigate bot traffic, which is especially useful for preventing automated brute force attacks |
| 4 | Strong Password Policies | We ensure that users have strong, unique passwords.See our password policy |
| 5 | Secure application infrastrcuture | We use Web Application Firewalls (WAFs) to identify and block malicious traffic. We regularly update and patch all software components to ensure they are protected against known vulnerabilities. |
| 6 | Blacklist known malicious IPs | We use threat intelligence feeds or services to get lists of known malicious IPs and block them. |
| 7 | Geographic restrictions | As our service is tailored to specific regions, we are blocking or adding additional verification steps for requests coming from unusual geographic locations. |
| 8 | Browser integrity check | This feature checks for suspicious patterns and behaviors in the HTTP headers to ensure the request is coming from a legitimate user browser. |
| 9 | User agent blocking | We are blocking requests from specific user-agents that may be sources of malicious traffic. |
| 10 | Use HTTPS | All data transmitted between the client and server is encrypted using HTTPS. This helps in preventing man-in-the-middle attacks. We use TLS 1.3 which the latest and most secure version. |
| 11 | Regular audits and penetration testing | We periodically conduct security audits and penetration testing to identify vulnerabilities in our application. |
While the above list highlights some of our primary security measures, it is by no means exhaustive. In our ongoing commitment to safeguarding our system, we will persistently evaluate, update, and implement new security features to counteract potential malicious attacks.
Updated 17 days ago