Does Cerber protect against ‘Automated massive requests’?

  • Resolved the_lar

    (@the_lar)


    6 years, 10 months ago

    Hi all,

    I’m undertaking a security review for a site which currently uses WP Cerber and in the Securing Forms part of the review, the requirement is to ‘Protect from automated massive requests’. My site has large forms to nominate but visitors need to be registered and signed in to reach them, so I guess that’s protection in itself. The only form that is publically accessible is the register form. Does Cerber have any kind of cabability to protect against this?

    The explanation given for this requirement is as follows:
    ———
    The web application should be protected against massive numbers of requests. This protection should be put in place in addition of what may be in place at network level. This rule should be applied for Internet and intranet applications, whether the form is authenticated or not. The protection should be put in place at application level, for each identified business risks related to the sending of large amount of requests by attackers using automated tools (for instance, when dealing with registration, booking, purchase, etc.) For instance, protection can be based on checking if the number of purchases made in an hour by a user account is higher than a maximum threshold.
    ———
    Many thanks for any help
    Kevin

    • This topic was modified 6 years, 10 months ago by the_lar.
    • This topic was modified 6 years, 10 months ago by Andrew Nevins.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    Yes, it does. In the PRO version, there is a feature that limits the number of user registrations and mitigates automated registrations. This feature allowing to set the limit to the number of allowed registrations from a single IP address within a given period of time. It works with any registration form on a website and logs all attempts to register.

    Read more: https://wpcerber.com/pro/

    Thread Starter the_lar

    (@the_lar)

    Great, thanks for the info Gioni

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Does Cerber protect against ‘Automated massive requests’?’ is closed to new replies.