[daxorid]

I can vouch for this, from the other side. We routinely catch AWS hosts running password-guessing bots against our login forms. Emailing abuse@amazonaws.com doesn't seem to lead to reductions in our fail2ban and custom tarpit logs.

[MichaelGG]

Claiming someone is brute forcing your logins doesn't have the legal weight of a DMCA notice. Why should they do anything? DMCA provides provisions for counter notice and legal remedies for false filings.

[cat199]

Is it the same hosts?

Having worked web security -

This is always a battle - for big operations you've got people farming out signups using stolen data to random 'buddies' on the other side of the world with the dark hat team ready to stand up outbounding traffic as fast as they can get a processor to execute it on, not to mention the hosts that get cracked automatically..

It's whack-a-mole on crystal meth.