
Expert Q&A: How to use honeypots to lure and trap bots

As bots become more sophisticated, detection and blocking need to stay one step ahead of them. In this conversation with Itay Binder, Cyber Security Research Manager at PerimeterX, we discuss one method used to attract and trap bad bots. He explains how PerimeterX uses the honeypot method to achieve better decision making about “bot or not” and how that disrupts the cost model for attackers.
What is the honeypot method? How is this method used to fight bad bots?
When talking about honeypots in cybersecurity, we’re referring to a method used to attract attackers by simulating how vulnerabilities behave in a system or by luring an attacker to a specific endpoint. Since there is no reason for a legitimate user to access this type of endpoint, honeypots are an effective way of differentiating between legitimate human users and bots. Any attempt to communicate with the endpoint is considered suspicious and is easily flagged.
One example of a honeypot is adding an HTML input element on the page, but hiding it using the CSS. Legitimate human users will not be able to see the input element and so will never access it. Another example of a honeypot is to place two clickable elements, one on top of the other, in the same exact position on the page. A legitimate user will only be able to click on the upper element, whereas a bot scanning the page will click on both elements.
Would a human user ever be exposed to a honeypot?
No. Honeypots are hidden code on a webpage with no visibility to the user when the HTML or JavaScript is rendered in their browser. When a legitimate user browses the webpage they will see the regular webpage. Bots, on the other hand, scan the code and interact with it. For
*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: https://www.perimeterx.com/resources/blog/2021/expert-q-a-how-to-use-honeypots-to-lure-and-trap-bots/