Server experts, can a "new IP each time" burst attack be stopped?
 

Server experts, can a "new IP each time" burst attack be stopped?

proxypass can do this if IP's are used more than one time.. but if the attacker uses a new IP on each un/pw combination he tests, can the attack then be stopped?

sometimes bots send http/1.0 requests instead of 1.1. Turn on logging and see what kind of requests you are getting.

yes, but that is custom htaccess, treat it like a proxy

If it's a dictionary attack a pattern sequence can be recognized.
This can be stopped in several ways. Does your host not do this for you?
I will lend you a hand if you like.

Some tips: If the ips are all the same C Class, just block the C class.
If the ips are all coming from the same provider, block their asn at your router until
they acknowledge and fix the problem.

:-)

Although not impossible, the chances of your member site being picked out by an attacker who is only taking 1 ip per connection is a bit odd. The best way to deal with this is to keep a log of connections to the server, and then go through them. There is a good chance that even though there is ip rotation going on, they are using the same cycle of ips sooner or later. If not there is other ways to deal with this issue. Feel free to contact me, and allow me to look into your issue. I will find out whats going on and figure out a solution for you. My services would be free to till the point of resolving it.

Let me know.

peace

If this is an ongoing issue, or concern, or yours than you should look at DDoS Protection from a company called "fortressitx". They offer something they call "special sauce" to help mitigate things like this. It is costly, but if this is going to be an ongoing hassle, shell out the cash and look into their solution.

Good luck.

We deal with these attacks time to times. I'm not going to get into how we block it or what we look for and/or what we use to block it but yes, it is blockable and easier than many would think.