Blog makes blocking bots and classification of data center IP addresses easy. Enter your email to be placed on the waitlist for early access.

Classifying Data Center IP Addresses in Phoenix Web Applications with Radix Trees

by Michael Lubas

A route that blocks data center IPs

Several cloud hosting companies publish the IP address ranges of their services. Examples include AWS, Azure, GCP, Oracle, and DigitalOcean. This information is useful to website owners, because the expected behavior of a client coming from a cloud server is different from a residential IP address. Consider a website that sells concert tickets, and wants to prevent bots from quickly purchasing all available tickets. The website owner notices that when tickets go on sale, hundreds of clients with data center IP addresses are making automated requests, purchasing tickets for resale before real visitors can.

Continue Reading ->

Throttling and Blocking Bad Requests in Phoenix Web Applications with PlugAttack


A credential stuffing attack

Web applications that accept username and password pairs for authentication may experience credential stuffing by malicious clients. We use the term “credential stuffing” to refer to the act of using credentials, taken from a website’s public data breach, to preform many authentication attempts against victim accounts on a different website. This tutorial will demonstrate how to mitigate credential stuffing against a Phoenix Framework application, using PlugAttack.

Continue Reading ->