Seven bot threats to your site

image

DDoS attacks remain one of the most discussed topics in the field of information security. At the same time, not everyone knows that bot traffic, which is a tool for such attacks, entails many other dangers for online businesses. Using bots, attackers can not only disable a site, but also steal data, distort business metrics, increase advertising costs, and damage the site’s reputation. We will analyze the threats in more detail, and also recall the basic methods of protection.

Parsing


Bots parses (that is, collect) data on third-party sites constantly. They steal content in order to publish it later without reference to the source. At the same time, placing copied content on third-party sites omits the source resource in the search results, which means reducing the audience, sales and advertising revenue of the site. Bots also track prices to sell products cheaper and lead customers away. Buy various things to resell more expensive. They can create false orders to load logistics resources and make goods inaccessible to users.

Parsing significantly affects the work of online stores, especially those with the main traffic coming from aggregator sites. Attackers after parsing prices set the value of the product slightly below the original, and this allows them to rise significantly in search results. Tourist portals are also often attacked by bots: they steal information about tickets, tours and hotels.

In general, the moral is simple: if your resource has unique content, the bots have already left for you.

Parsing can be noticed by sudden bursts of traffic, as well as by tracking the pricing policy of competitors. If other sites instantly copy your changes in value to themselves, then it means that bots are most likely involved.

Cheat


Performance cheat is a concomitant effect of the presence of bots on the site. Each action of bots is reflected in business metrics. Since the share of illegitimate traffic is palpable, decisions based on resource analytics are often erroneous.

Marketers learn how visitors use a resource and make purchases. They look at the conversion rate and leads and identify key sales funnels. Companies also conduct A / B tests and, depending on the results, write strategies for the site. Bots affect all of these indicators, which leads to irrational decisions and excessive marketing costs.
Attackers can also use bots in order to affect the reputation of sites, including social networks. The same situation is with sites for online voting, where bots often wind up indicators in order to defeat the option that the attackers need.

How can cheat be detected:

  • Check analytics. A sharp and unexpected increase in an indicator, for example, login attempts, often means a bot attack.
  • Track changes in the origin of traffic. It happens that an unusually large number of requests from unusual countries comes to the site - this is strange if you did not target them with campaigns.

DDoS attacks


Many have heard of or even encountered DDoS attacks. It is worth noting that the resource is not always disabled using high traffic. Attacks on the API are often low-frequency, and while the application crashes, the firewall and load balancer work as if nothing had happened.

The tripling of traffic to the main page may not affect the site’s performance in any way, but the same load directly on the page with the basket leads to problems, as the application starts sending multiple requests to all components involved in the transactions.

How to detect attacks (the first two points may seem obvious, but do not neglect them):

  • Buyers complain that the site is down.
  • The site or individual pages are slow.
  • The traffic on individual pages is growing sharply, a large number of requests appear in the basket or on the payment page.

Hacking personal accounts


BruteForce, or password cracking, is organized using bots. Leaked databases are used for hacking. On average, users come up with no more than five password options for all online accounts - and the options are easily picked up by bots that check millions of combinations in the shortest possible time. Then, attackers can resell actual combinations of logins and passwords.

Also, hackers can take control of their personal accounts and then use them to their advantage. For example, withdrawing accumulated bonuses, stealing purchased tickets for events - in general, there are many options for further actions.

It’s not too difficult to recognize BruteForce: an unusually high number of unsuccessful login attempts indicates that hackers are trying to hack an account. Although it happens that attackers send a small number of requests.

Clique


Clicking advertisements by bots can lead to significant losses for companies if it is not noticed. During the attack, bots go through the ads posted on the site and thereby significantly affect the metrics.

Advertisers obviously expect that real users will see banners and videos posted on the sites. But since the number of impressions is limited, advertising, due to bots, is being shown to a smaller number of people.

Sites themselves want to increase their profits through ad impressions. And advertisers, if they see bot traffic, reduce the volume of placements on the site, which leads to losses and to a deterioration in the reputation of the site.

Experts distinguish the following types of advertising fraud:

  • False views. Bots visit many pages of the site and generate illegitimate ad views.
  • Clickfrod. Bots click on search sponsored links, which leads to higher search advertising costs.
  • Retargeting Bots visit many legitimate sites before clicking to create a cookie that costs more to advertisers.

How to detect clogging? Usually, after clearing the traffic from the fraud, the conversion rate decreases. If you see that the volume of clicks on banners is higher than expected, then this indicates the presence of bots on the site. Other indicators of illegal traffic may include:

  • Increased clicks on advertisements with minimal conversion.
  • Conversion is declining, although the content of the ad has not changed.
  • Multiple clicks from one IP address.
  • A low share of user engagement (including a large number of failures) with an increase in clicks.

Vulnerability Search


Vulnerability testing is performed by automated programs that look for weaknesses in the site and API. Popular tools include Metasploit, Burp Suite, Grendel Scan, and Nmap. Both specially hired services and intruders can scan a site. The sites negotiate with hacking experts to check their protection. In this case, the IP addresses of the auditors are recorded in white lists.

Attackers test sites without prior agreement. In the future, hackers use the results of checks for their own purposes: for example, they can resell information about the weak points of the site. It happens that resources are not scanned purposefully, but as part of exploiting the vulnerability of third-party resources. Take WordPress: if a bug is found in any version, bots will look for all sites that use this version. If your resource is on such a list, you can wait for the visit of hackers.

How to detect bots?

To search for weaknesses in the site, attackers first conduct reconnaissance, which leads to an increase in suspicious activity on the site. Filtering bots at this stage will help to avoid subsequent attacks. Although bots are hard to detect, requests to all pages of the site can be sent from one IP address as an alarm. It is worth paying attention to the growth of queries to non-existent pages.

Spamming


Bots can fill out site forms with junk content without your knowledge. Spammers leave comments and reviews, create fake registrations and orders. The classic method of dealing with bots, CAPTCHA, is ineffective in this case because it annoys real users. In addition, bots have learned to circumvent such tools.

Most often, spam is harmless, but it happens that bots offer dubious services: place advertisements for the sale of fake things and medicines, promote links to porn sites and lead users to fraudulent resources.

How to detect spam bots:

  • If spam has appeared on your site, then most likely it is the bots themselves that are posted.
  • Your mailing list has many invalid addresses. Bots often leave non-existent emails.
  • Your partners and advertisers complain that spam leads are coming from your site.

From this article it may seem that struggling with bots on your own is difficult. In fact, the way it is, and it is better to entrust the protection of the site to professionals. Even large companies often are not able to independently track illegitimate traffic and even more so filter it, since this requires considerable expertise and high costs for the IT team.

Variti protects sites and APIs from all types of bot attacks, including fraud, DDoS, click and parsing. Own Active Bot Protection technology allows detecting and cutting off bots without CAPTCHA and IP address blocking.

Also popular now: