Credential stuffing is a cyberattack in which credentials obtained from a data breach on one website or application
are used to attempt to log in to your properties, typically in an automated fashion.
For example, a user on your websites email address and password may have been leaked online in a populer hack, such as the LinkedIn or Adobe ones.
Bots will then try to login to your site with that email and password, and if it works report that to be used for abuse.
Preventing credential stuffing is actually quite simple and relies on two primary considerations:
Using Nova's Bot and Post Protection options you can easily slow down and block automated login attempts. It will automatically limit login attempts on your site to prevent abusive behaviour.
You may then optionally enable the NovaSense threat intelligence system on your Nova ADC to pre-emptively block
known malicious hosts engaged in cybercrime. This is an extremely effective method to block unwanted