by ggggtez 2895 days ago
I think an important thing is that you should consider that attackers will log in at the maximum rate limit allowed. The traffic may even be greater than the rate limit, and they'll have some requests dropped by the server. But it still represents an attempted login regardless.

So, yes, even with rate limiting, you can still easily hit 99% fraudulent attempts. Obviously you'd be foolish to actually process all of those, and likely the attackers would realize they were rate limited and would slow down for their own best interest, but it's not a guarantee that they actually do obey the rate limit.