How to stop bot attacks on your website and prevent future attacks.

It’s no secret that in recent years, the risks associated with cybercrime have been on the rise, with new threats and attack vectors emerging virtually every day.

Many of these cybersecurity threats are made possible with the help of malicious bots: brute force attacks, content scraping, denial of service, spam, fraud, and malware injection are just some of the frequent examples of bot attacks that might cause long-term and even permanent damage to your reputation and financial performance.

The most advanced bad bots are very good at imitating human technologies and behaviors, which makes it hard to detect them and differentiate them from legitimate human users. They can, for example, imitate non-linear mouse movements, seemingly randomized workflows, and other humanlike behaviors across web applications. They can also attack from hundreds, if not thousands, of different IP addresses.

So while stopping bot attacks might seem like the obvious way to protect your online applications and prevent various cybersecurity threats, actually doing it is easier said than done.

In this guide, we’ll take a look at how to stop bot attacks on your website, and how to prevent future attacks. But first, let’s establish precisely what we mean by a bot attack.

Bot attacks: what are they?

Before anything else, it’s important to establish the definition of bots—or internet bots—so that we are on the same page before discussing what we can do to stop bot attacks.

An internet bot is a software application or program that runs automated scripts or tasks over the internet. Typically, they are executing relatively simple, but repetitive tasks at a much faster rate than a human ever could.

For example, a human user might need 30 seconds to fill a form before they can submit it, but a bot specifically programmed for this form can perform the same task in an instant.

It’s important to note that although bots or internet bots now have a bad reputation due to their association with various cybersecurity threats, there are good bots—owned by reputable companies like Google or Facebook—that can be beneficial for our website.

Google’s crawler bot, for example, is responsible for indexing your website, allowing it to be ranked on Google’s search engine results page (SERP). So, we don’t want to block Googlebot’s activities if we still want our audience to be able to find our site on Google.

Our focus in this guide, however, is the bad bots.

Bad bots or malicious bots are developed and deployed with ill-natured intent, typically by hackers or cybercriminals. Our purpose is to prevent attacks from these bad bots, while still allowing legitimate traffic from human users and good bots.

Common forms of bot attacks

Here are the common cybersecurity attacks that are performed by bad bots, and common signs and symptoms for each.

1. Web scraping

Web scraping or content scraping is the practice of rapidly extracting content and information from a web page. A lot of good bots perform web scraping, and content scraping by itself is not illegal.

However, web scraping can cause several issues, for example:

  • Your competitors can scrape your pricing information and use it to undercut your prices.
  • Hidden data or information that is not made public can be extracted by the web scraper, causing you to lose sensitive data.
  • Scraping can burden the network and slow down your website’s performance.
  • The attacker can republish scraped content on another website, potentially outranking you in search engine results with your own content or causing a duplicate content issue.

Web scraping is especially threatening for businesses and websites in price-sensitive industries, like ticketing or hotel booking websites. For example, competitors can use bots to scrape your price information and then undercut you, resulting in this competitor winning the top placement on price comparison websites.

Signs of a scraper bot attack on your website:

  • Declining conversion rates
  • Your competitors consistently beating you on prices
  • Your content is posted elsewhere
  • Poor website performance, a sign that intensive scraping activity is using too much bandwidth
  • Unexplained traffic peaks at unusual times
  • Unexplained downtime

2. Brute force attacks

A brute force attack is an attempt to ‘guess’ the credentials of an account or system by trying huge numbers of possible combinations. Since bots can input username/password pairings at a much faster rate than humans, brute force attacks can theoretically always be successful given an infinite number of tries and unlimited time.

A variation of brute force attacks is the credential stuffing attack, in which the bot attempts to use stolen credentials (that are typically sold on the dark web) on other accounts. For example, if the hacker possesses a list of credentials from a data breach on Google, the hacker now tries these credentials on Facebook. Since people tend to use the same email address and password across multiple websites, credential stuffing success rates can be surprisingly high.

Signs of a brute force attack on your website:

  • A suspicious increase in failed login attempts
  • A spike in login attempts and customer account lockouts
  • Increase in chargeback claims (on e-commerce sites)
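
The difference between brute force and credential stuffing shows up in failed-login records, so the first two signs above can be checked automatically. The following Python sketch is an added example, not code from the original post or from DataDome; the event tuple format, the thresholds and the sample events are assumptions made for illustration.

```python
from collections import defaultdict

def classify_failed_logins(events, min_failures=10, spread=0.8):
    """Map source IP -> pattern label from (ip, username, success) events.

    Thresholds are illustrative assumptions, not values from the article.
    """
    failed = defaultdict(list)
    for ip, username, success in events:
        if not success:
            failed[ip].append(username)
    verdicts = {}
    for ip, users in failed.items():
        if len(users) < min_failures:
            continue  # too few failures to tell apart from ordinary typos
        distinct = len(set(users))
        if distinct / len(users) >= spread:
            # Roughly one attempt per account: replayed username/password pairs.
            verdicts[ip] = "credential_stuffing"
        elif distinct <= 2:
            # Many guesses against the same account or two.
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "mixed"
    return verdicts

def accounts_at_lockout_risk(events, limit=5):
    """Usernames with at least `limit` failures, counted across all sources."""
    per_user = defaultdict(int)
    for _ip, username, success in events:
        if not success:
            per_user[username] += 1
    return sorted(u for u, n in per_user.items() if n >= limit)

def sample_events():
    """Constructed sample: one guesser, one list replayer, one normal user."""
    events = [("198.51.100.7", "alice", False)] * 15
    events += [("203.0.113.9", f"user{i}", False) for i in range(12)]
    events += [("192.0.2.4", "bob", False), ("192.0.2.4", "bob", True)]
    return events
```

Counting per account as well as per IP matters because bots can spread their attempts over many addresses, which keeps every single source under a per-IP threshold.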

3. Spam

We all know that spam problems are everywhere, and bots can attempt to send spam content in different ways.

A common practice is for the bots to create free accounts on your site and then spam messages anywhere your site allows (blog comment section, forms). Nowadays, various bots are also spamming content on social media networks.

Signs of a spam bot attack on your website:

  • Abnormal increase in new account creation
  • Increased spam complaints

4. Credit card cracking and related fraud

Bots can test stolen credit card details to identify missing data (CVV numbers, expiry date), similar to a brute force attack.

If your site also offers gift cards, malicious bots may attempt to steal money by requesting gift card balances, causing lost balances on customers’ cards.

Signs of a carding bot attack on your website:

  • Increase in customer support calls
  • Increased chargeback claims
  • Increased requests for gift card balance

5. DoS/DDoS

Denial of service attacks are an attempt by bots to cause slowdowns or total downtime on your site by making repeated, high-volume requests to overwhelm your server. This can lead to your website being unable to deliver service to legitimate users.

DDoS attacks can also be unintentional. For example, aggressive scraper bots may cause downtime by making too many requests, even though it is in their own interest that your website stays available.

Signs of a DDoS bot attack on your website:

  • Increased spikes in traffic on certain resources
  • Increase in customer complaints

How to stop bot attacks on your website

Now that we’ve understood the negative effects bad bots can have on your site, let’s discuss some effective ways to stop and prevent these bot attacks.

1. Invest in a bot mitigation solution

The most important step in stopping and preventing bot attacks on your website is to get proper bot detection and mitigation software to protect your site.

A few years ago, it was still possible to achieve “good enough” bot attack mitigation with in-house solutions and WAF rules. Today, however, detecting malicious bots requires highly specialized know-how.

So what should you look for in a good bot protection solution? The answer may depend on your website infrastructure, your industry, and your risk profile, but here are a few points to consider:

  • Time to protection. If you’re currently under attack, stopping the bot attack as quickly as possible is probably your top priority. Look for a solution you can activate right away, rather than one that requires a proof of concept and a lengthy negotiation process before you can get help.
  • Detection quality. A bot protection solution has one main job: to stop bot attacks on your website. Ask potential vendors for proof of their detection efficiency, and test a few potential solutions in parallel on your real traffic if you can.
  • Non-intrusive design. A well-designed bot protection solution should not require DNS rerouting or major changes to your web applications. Depending on your server architecture, you may even be able to find “one-click” installation options, such as the DataDome module for Cloudflare.
  • Easy-to-use dashboard. Compare the dashboards of the options you’re considering. How easy (or difficult) is it to understand your bot traffic patterns? How easy (or difficult) is it to allow-list partner bots, to switch the protection on and off, etc.?

The ideal solution should take bot management completely off your hands, so that you never have to worry about how to stop bot attacks on your website again. But if you haven’t found the right solution for your website yet, here are a few tactics you can try in the meantime.

2. Monitor your traffic

Monitor your site traffic at least for the following important metrics:

  • Traffic spikes: if you see any spikes in traffic for a relatively short time frame (i.e. under a week), it can be a sign of bot activities. There are a few exceptions to this, but they should be obvious: for example, traffic spikes can be expected when there’s a new product launch on your site.
  • Suspicious sources: bot traffic commonly comes from direct traffic (i.e. not from Google search or people clicking your ads) with new user agents and sessions. Repeated requests from a single IP address are a clear sign.
  • Bounce rate: a spike in bounce rate can be a major sign of bot traffic that is only looking to perform a single task repeatedly before leaving your site.
  • Overall site performance: when there’s a significant slowdown on your site, it might be a sign that your servers are stressed out due to abnormal bot traffic.
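
Two of these metrics, traffic spikes and suspicious sources, can be computed directly from a web server access log. The Python sketch below is an added example, not part of the original post; it assumes the combined log format, and the thresholds and the generated sample log are constructed for illustration.

```python
import re
from collections import Counter
from statistics import median

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

def parse(lines):
    """Yield one dict per well-formed combined-log-format line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def suspicious_sources(entries, min_requests=20, direct_share=0.9):
    """IPs with many requests that almost all arrive without a referrer."""
    total, direct = Counter(), Counter()
    for e in entries:
        total[e["ip"]] += 1
        if e["ref"] in ("", "-"):
            direct[e["ip"]] += 1
    return sorted(ip for ip, n in total.items()
                  if n >= min_requests and direct[ip] / n >= direct_share)

def spike_minutes(entries, factor=5):
    """Minutes whose request count exceeds `factor` times the median minute."""
    per_minute = Counter(e["ts"][:17] for e in entries)  # dd/Mon/yyyy:HH:MM
    base = median(per_minute.values())
    return sorted(m for m, n in per_minute.items() if n > factor * base)

def make_sample():
    """Constructed sample log: three ordinary visitors plus one noisy client."""
    fmt = ('{ip} - - [10/Mar/2024:{hm}:{s:02d} +0000] "GET {path} HTTP/1.1" '
           '200 512 "{ref}" "Mozilla/5.0"')
    lines = [fmt.format(ip=f"192.0.2.{i}", hm=f"09:0{i}", s=5, path="/",
                        ref="https://www.google.com/") for i in range(1, 4)]
    lines += [fmt.format(ip="203.0.113.50", hm="09:04", s=s,
                         path=f"/product/{s}", ref="-") for s in range(40)]
    return lines
```

Pass `list(parse(...))` to both functions so the parsed entries can be read more than once.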

3. Block data center IPs

Yes, most advanced attackers have moved to more sophisticated networks and servers, but many less-sophisticated cybercriminals may still rely on hosting and proxy servers that have been commonly used in various attacks before—and they can be easily blocked.

Purchase a list of known data center IPs, and block or Captcha requests coming from those IPs. It’s less efficient and carries a higher risk of false positives (real users being blocked) than a real bot management solution, but for a quick fix, it might be worth a try.

4. Block older user agents and browsers

Many easily accessible bot scripts and tools contain outdated user-agent lists. Again, this won’t stop advanced attackers and sophisticated bots, but this is a best practice to stop less-sophisticated bots from attacking your site.

You should challenge or block older browser versions. In general, block browser versions that are already older than 3 years, and you can Captcha those that are up to 2 years old.
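
The two quick fixes above (data center IPs and old browsers) can be combined into one per-request decision. This Python sketch is an added example, not code from the original post; it reads the age rule as "block above 3 years, Captcha between 2 and 3 years", chooses Captcha rather than block for data center IPs, and uses placeholder IP ranges and an approximate, constructed Chrome release table.

```python
import ipaddress
import re

# Constructed placeholder ranges (RFC 5737 documentation networks) standing in
# for a purchased list of data center IPs.
DATACENTER_NETS = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Approximate Chrome stable release months, as (year, month). Sample table
# only: a real table must be kept current from vendor release notes.
CHROME_RELEASES = {80: (2020, 2), 100: (2022, 3), 110: (2023, 2), 120: (2023, 12)}

CHROME_RE = re.compile(r"Chrome/(\d+)\.")

def browser_age_years(user_agent, today):
    """Age in years of the claimed Chrome version, or None if it is unknown."""
    m = CHROME_RE.search(user_agent)
    if not m or int(m.group(1)) not in CHROME_RELEASES:
        return None
    year, month = CHROME_RELEASES[int(m.group(1))]
    return (today.year - year) + (today.month - month) / 12

def decide(ip, user_agent, today):
    """Return 'block', 'challenge' or 'allow' for one request."""
    age = browser_age_years(user_agent, today)
    if age is not None and age > 3:
        return "block"        # browser version older than 3 years
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in DATACENTER_NETS):
        return "challenge"    # data center source: Captcha limits false positives
    if age is not None and age > 2:
        return "challenge"    # browser version between 2 and 3 years old
    return "allow"            # recent browser, or a version the table cannot judge
```

`today` is passed in as a `datetime.date` so the policy can be evaluated against a fixed date in tests.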

Conclusion

Applying static or passive rules to detect and mitigate bot traffic is no longer enough. To efficiently stop bot attacks on your website and prevent future attacks, invest in a proper bot management solution that can detect and block even the most sophisticated attackers.

A good bot mitigation solution should provide unique, properly-managed attack responses that are optimized for each different kind of bot attack.

For a decent-sized website, the right bot management solution is likely to enable sufficient cost savings — lower infrastructure costs, less time spent mitigating attacks and handling customer complaints, etc. — that it actually pays for itself.

*** This is a Security Bloggers Network syndicated blog from DataDome authored by DataDome. Read the original post at: https://datadome.co/learning-center/how-stop-bot-attacks/