9 Recommendations to Prevent Bad Bots on Your Website

April 26, 2018 Edward Roberts

Bots are on your website every day, so how should you protect yourself? Every site is targeted for different reasons, and usually by different methods, so there is no one-size-fits-all bot defense solution. But there are some proactive steps you can take to start addressing the problem.

Here are nine recommendations for detecting bad bot activity:

1. BLOCK OR CAPTCHA OUTDATED USER AGENTS/BROWSERS

The default configurations for many tools and scripts contain user-agent string lists that are largely outdated. This step won’t stop the more advanced attackers, but it might catch and discourage some. The risk in blocking outdated user agents/browsers is very low; most modern browsers force auto-updates on users, making it more difficult to surf the web using an outdated version.

We recommend you block or CAPTCHA the following browser versions:

2. BLOCK KNOWN HOSTING PROVIDERS AND PROXY SERVICES

Even if the most advanced attackers move to other, more difficult-to-block networks, many less sophisticated perpetrators use easily accessible hosting and proxy services. Disallowing access from these sources might discourage attackers from coming after your site, API, and mobile apps.

Block these data centers:

CAPTCHA these data centers:

3. PROTECT EVERY BAD BOT ACCESS POINT

Be sure to protect exposed APIs and mobile apps—not just your website—and share blocking information between systems wherever possible. Protecting your website does little good if backdoor paths remain open.

4. CAREFULLY EVALUATE TRAFFIC SOURCES

Monitor traffic sources carefully. Do any have high bounce rates? Do you see lower conversion rates from certain traffic sources? These can be signs of bot traffic.

5. INVESTIGATE TRAFFIC SPIKES

Traffic spikes appear to be a great win for your business. But can you find a clear, specific source for the spike? An unexplained spike can be a sign of bad bot activity.

6. MONITOR FOR FAILED LOGIN ATTEMPTS

Define your failed login attempt baseline, then monitor for anomalies or spikes. Set up alerts so you’re automatically notified if any occur. Advanced “low and slow” attacks don’t trigger user or session-level alerts, so be sure to set global thresholds.
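One way to implement the global threshold from this recommendation, as an added example that is not part of the original article: it checks each hourly window against both a per-address limit and a site-wide limit derived from a baseline. The event tuple layout, the per-address limit of 5, the three-standard-deviation rule, and all sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, stdev

PER_IP_LIMIT = 5   # assumed per-address limit: failed logins per hourly window
SIGMA = 3          # assumed rule: global alert above baseline mean + 3 std devs
# Constructed baseline: site-wide failed logins per hour on normal days.
BASELINE = [12, 9, 14, 11, 10, 13, 12, 8]

def global_limit(baseline):
    """Site-wide failure count above which a window is anomalous."""
    return mean(baseline) + SIGMA * stdev(baseline)

def failures_by_window(events):
    """Map window -> Counter(address -> failed logins). Successes are ignored."""
    out = defaultdict(Counter)
    for window, address, _user, ok in events:
        if not ok:
            out[window][address] += 1
    return out

def evaluate(events, baseline=BASELINE):
    """Return alerts as (window, kind, detail), checking both thresholds."""
    limit = global_limit(baseline)
    alerts = []
    for window, per_ip in sorted(failures_by_window(events).items()):
        noisy = sorted(a for a, n in per_ip.items() if n > PER_IP_LIMIT)
        total = sum(per_ip.values())
        if noisy:
            alerts.append((window, "per-address", noisy))
        if total > limit:
            alerts.append((window, "global", total))
    return alerts

def sample_events():
    """Constructed events: (window, address, username, login_ok)."""
    ev = [("10:00", f"198.51.100.{i % 5}", f"user{i}", False) for i in range(10)]
    ev += [("10:00", "198.51.100.9", "alice", True)] * 3
    # Low and slow: 60 addresses, one failure each, never trips the per-address limit.
    ev += [("11:00", f"203.0.113.{i}", f"acct{i}", False) for i in range(60)]
    # One noisy client: caught per address, but too small to move the global count.
    ev += [("12:00", "192.0.2.7", "bob", False) for _ in range(8)]
    return ev

if __name__ == "__main__":
    for alert in evaluate(sample_events()):
        print(alert)
```

In the constructed data, the 11:00 window is flagged only by the global check and the 12:00 window only by the per-address check, which is why both are needed.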

7. MONITOR INCREASES IN FAILED VALIDATION OF GIFT CARD NUMBERS

An increase in failures, or even traffic, to gift card validation pages can be a signal that bots such as GiftGhostBot are attempting to steal gift card balances.

8. PAY CLOSE ATTENTION TO PUBLIC DATA BREACHES

Newly stolen credentials are more likely to still be active. When large breaches occur anywhere, expect bad bots to run those credentials against your site with increased frequency.

9. EVALUATE A BOT MITIGATION SOLUTION

The bot problem is an arms race. Bad actors are working hard every day to attack websites across the globe. As the sheer volume, sophistication, and business damage caused by automated threats grow, bots put a costly strain on IT staff and resources. These days, bots mimic human behavior and slip by traditional security tools. Consider evaluating bot mitigation vendors that have the industry expertise and vigilant support you’ll need for full visibility and control over abusive traffic.

About the Author

Edward Roberts

Edward Roberts leads Product Marketing and has over twenty years of experience in technology marketing. Previously he worked for Juniper Networks, heading up Product Marketing for the Counter Security team. Before that he ran marketing for Mykonos Software, a web security company.
