Distil Networks Uses Device Fingerprints to Detect Malicious Web Bots

August 30, 2016

Web applications are subject to click fraud, comment spam, content scraping, and more. Bot detection and mitigation can close these vulnerabilities.

Who's that coming to your website? Is it friend or foe? Is it a customer wanting to buy your products, or someone or something wanting to steal your web content? Is it a community member that wants to post a relevant comment, or a spammer intent on planting junk links and content in your open comments section? Is it a real person clicking on an ad, or a web bot driving up fraudulent clicks?

Web applications are increasingly being subjected to automated threats such as click fraud, comment spam, content scraping, abusive account creation, and more. These and other illicit or unwanted activities are described in detail in the OWASP Automated Threat Handbook for Web Applications.

This article is about one vendor's approach to defeating unwanted web traffic, whether it's automated or human-driven. I should point out that there are desirable and highly useful web bots too, such as the web crawlers that search engines use to find and index content, and chat bots that fetch information and bring it into chat rooms where humans meet. Any solution designed to defeat malicious bots has to let the good ones through.

According to the web application defense company Distil Networks, 73% of bots use more than one IP address for a single attack on a website, and 20% of them use more than a hundred. Traditional tools that rely on IP blocking can't keep up with such diversionary tactics. This is one way that bots are becoming more persistent. Distil Networks also points out that the majority of bots today can load JavaScript. Moreover, bots now mimic human behavior by doing things like pausing between page requests and moving the mouse. These tactics make them harder to detect, and they also throw off the analytics tools used to measure the effectiveness of websites and their content.
