Hi Folks,
Backov is right... even if you can pass a 200 OK message they will catch on in a few minutes that every response you're sending is 200 OK. Cookies can be spoofed, etc.., blah blah blah, but the biggest problem is what Boldy and the others are describing:
The sheer quantity of requests in a short time frame.
Look, all of these guys are using proxies and distributed attacks to brute force. We have built a solution, and for 50 bucks it's at least worth a try:
http://www.proxypass.com
Backov will atest as will our other clients that your userload will go down considerably. We do something better than 200 OK responses during blitz attacks: we just stop responding altogether to proxy requests. The result: timeouts and other problems for the crackers.
If you are being brute forced, please get in touch with us and we'll show you a way to stop this.
PXG