Quote Originally Posted by Titania40 View Post
Part of the problem is that simply determining the vector of the attack and who's preforming it is difficult at best, from what I can find.
That is why the focus shouldn't be on trying to track back the source of the attack, but instead on mitigating the effect of any such attack. Companies should forget about trying to track down the culprits. Leave that to law enforcement entities. Instead, distributing load over a cloud network run by a super-provider with automatic route/load balancing would prevent any attack having major impacts on the service, which would eventually eliminate the incentive for losers to continue trying to inflate their flaccid ego by spending money to run fruitless attacks moving forward.

That combined with permanently banning any accounts found to be involved in abusive authentication behaviors would avoid needing to take more drastic measures, like SE needing to spend ridiculous amounts of money multiplying their own server infrastructure, or eliminating free trial accounts altogether.