I see the continued stress on the portal. Sorry this is happening, but thank you for your work in resolving it. I'm curious how they get thru cloudflare?
This isn't a script kiddy attack. He is absolutely using his own attack kit to do this. I've put in many barriers to entry to try to catch him, and every few days the attack evolves to bypass it. He is able to get his attack to pass the browser verification check done by Cloudflare.
I'm still stumped at what the person is trying to achieve though. A completely untargeted attack (the database leaks he's using as username/password sources are bigger than any BTC site). If he does manage to get an account, odds are it will be abandoned. If not abandoned, it will probably have an email setup that they'll have to crack to change the wallet. And any account with a decent value is sure to have wallet lock enabled so there'd be no way to steal the coins even with both the account and email compromised.
I think the best defense is not to use BTCGuild as a bank... I have autopayments and near zero balance with btcguild. I prefer to keep my $$$ under my direct control. Same with any pool have the payouts go to another secure wallet. I trust you are passing this info back to cloudflare so they can improve their defenses as well?
Just put some delay on the next login after a failed attempt: like 1 second and double this delay on every unsuccessful attempt from the same IP
. I guess I'll have to delete my promotional ads for "Complete your set today" with a 10% premium on the new colors (/s).
