
Measuring login and credit card stuffing attempts

The Distil platform is designed to detect and mitigate unwanted automation that performs login attacks and other undesirable behaviors. However, the Distil platform does not natively know whether a web application's response indicates a successful or a failed login attempt. The same is true for credit card submissions, gift card checking, and other checks of sensitive information.

Distil needs an identifier to know when a login or credit card submission attempt was unsuccessful. Distil recommends that failed form submission attempts use either a 401 or 403 HTTP response code. For the RFC on how the HTTP status code 401 should be used, refer to the following link.

https://tools.ietf.org/html/rfc7235#section-3.1 

By using a status code to differentiate between successful and failed login attempts, Distil is able to identify and measure the ratio of attempted, successful, and failed login attempts.
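As an added illustration (not Distil's code, and not a description of how the platform measures this internally), the following Python example counts attempted, successful, and failed login submissions from access-log lines using the response status code. The `/login` path, the Common Log Format layout, and the sample log lines are assumptions constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 120
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401 120
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "POST /login HTTP/1.1" 403 98
198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "POST /login HTTP/1.1" 302 0
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "POST /login HTTP/1.1" 302 0
203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /account HTTP/1.1" 200 5120
203.0.113.20 - - [01/Jan/2024:10:00:07 +0000] "POST /login HTTP/1.1" 401 120
"""

# Captures client, method, path, status from a Common Log Format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
LOGIN_PATH = "/login"      # assumption: endpoint of the protected form
FAILED_CODES = {401, 403}  # codes the article recommends for failed submissions

def classify(status):
    """Map an HTTP status code to a login outcome."""
    if status in FAILED_CODES:
        return "failed"
    if 200 <= status < 400:
        return "successful"
    return "other"  # e.g. 5xx: an attempt, but neither success nor failure

def measure_logins(log_text):
    """Count attempted/successful/failed login POSTs, overall and per client."""
    totals, per_client = Counter(), defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, path, status = m.groups()
        if method != "POST" or path.split("?", 1)[0] != LOGIN_PATH:
            continue
        outcome = classify(int(status))
        for counter in (totals, per_client[client]):
            counter["attempted"] += 1
            counter[outcome] += 1
    return totals, per_client

def failure_ratio(counter):
    """Failed attempts as a fraction of all attempts (0.0 if none)."""
    return counter["failed"] / counter["attempted"] if counter["attempted"] else 0.0

if __name__ == "__main__":
    totals, per_client = measure_logins(SAMPLE_LOG)
    print("total", dict(totals), round(failure_ratio(totals), 2))
```

If the application answered failed logins with a 200 and an error page instead, every submission above would be classified as successful and the ratio could not be computed from status codes.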
