Hello everyone! Im pretty new here, and I was hoping someone here could help suggest a solution for my problem.

My site is constantly under attack from password stuffers, and we are attacked through these stolen logins.

I have tailed my error logs, and noticed that when someone is running one of these proxy based password stuffer programs, they send about 20-100 login/password requests per second!

Does anyone know a way to set "apache authentication" (the standard popup window for username/login entry on webpages) to allow 3 attempts as normal, and after 3 failed, it will require a 60 second latency in between the next attempts?

I have no clue how to stop the attacks, but I figured if i could slow them to a crawl, it would be a pretty good solution.

Thanks for any suggestions, or comments! : )