Brute force attack to login page impossible to block


we run an eshop based on prestashop. We did everything possible to stop the attacks but without longterm success.

  1. Captcha - bypassed
  2. Under attack mode - bypassed
  3. Browser integrity - bypassed
  4. Web application firewall - today bypassed, even with block variant
  5. Login restrictions - not working (we have 2 logins per one minute means ban for one hour, no help)

There are maybe 50 attempts per second, our server is all the time 100% cpu and memory, site is slowed down as ■■■■ and right now I have no idea what else we can do. Every IP is different, there are tens of thousands IP addresses from all over the world. Not just one country.

Can you help us please?

Thank you.


Ok, if someone will look for the same issue, if you have a subdomain and nothing from cloudfare is working there, you must have in DNS A type fulfilled. Not only CNAME. After changing it to A, Cloudflare is now taking care also of our subdomain… Under attack option is working now.


Have you tried rate limting?

A year later, seriously?

oh wow, well, my sorting of posts was hardly the best new to the forum software I took it as the 18th of this month. eekkk

1 Like