Bots! They will be on your website every day, and you won’t even know that they are there. Every website is targeted, for various reasons and by various methods, so you will not find a single defence mechanism that chases them all away. But there are some precautions you can take. Stay with us.
1. Block or CAPTCHA outdated user agents or browsers
The default configurations for many tools and scripts you are using contain outdated user-agent string lists. This step won’t stop advanced attackers, but it may discourage some. The risk of blocking outdated user agents or browsers is very low. The majority of modern browsers force auto-updates, so you can’t surf the web using an outdated version.
You can block or CAPTCHA the following browser versions.
2. Block known hosting providers and proxy services
The most advanced attackers are usually difficult to control, but the less sophisticated ones use hosting and proxy services. Blocking access from those services will discourage attackers from coming after your site, API, and mobile apps.
Just block the following data centres.
CAPTCHA these centres.
3. Secure every bad access point
Make sure to secure every exposed access point, including APIs and mobile apps, and share blocking information between systems whenever possible.
Securing only the website won’t do much good when other access points are open.
4. Carefully evaluate traffic sources
First, you have to carefully monitor the traffic sources. Look for high bounce rates and lower conversion rates from some traffic sources as these might be signs of bot traffic.
5. Investigate traffic spikes
As you all know, traffic spikes indicate the success of your business. But what if you can’t find the exact source of the spike? Such spikes can be signs of bad bot activity.
6. Monitor for failed login attempts
Start with your failed login attempt baseline. Then look for anomalies or spikes. You can set up alerts so that you are notified if something happens. Don’t forget to set global thresholds, as advanced attackers often don’t trigger user or session-level alerts.
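The following is an added example, not part of the original article, showing why the global threshold in step 6 matters: a burst that tries each account only once never reaches a per-user limit but stands out against the site-wide baseline. The event format, `PER_USER_LIMIT`, `SIGMA`, and all sample data are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

PER_USER_LIMIT = 5  # assumed per-account alert/lockout threshold
SIGMA = 3           # assumed: alert above baseline mean + 3 standard deviations


def global_threshold(baseline_counts):
    """Derive the site-wide alert level from a known-normal baseline period."""
    return mean(baseline_counts) + SIGMA * pstdev(baseline_counts)


def detect(events, baseline_counts):
    """Return (minutes over the global threshold, users over the per-user limit).

    Each event is a (minute, username, success) tuple.
    """
    limit = global_threshold(baseline_counts)
    per_minute = Counter(minute for minute, _, ok in events if not ok)
    per_user = Counter(user for _, user, ok in events if not ok)
    spikes = sorted(m for m, n in per_minute.items() if n > limit)
    flagged_users = sorted(u for u, n in per_user.items() if n >= PER_USER_LIMIT)
    return spikes, flagged_users


# Constructed baseline: failed logins per minute during normal operation.
BASELINE = [4, 6, 5, 3, 7, 5, 4, 6, 5, 5]

# Constructed events: normal noise in minutes 0 and 2, and in minute 1
# forty failures spread over forty different accounts, one attempt each.
EVENTS = (
    [(0, f"regular{i}", False) for i in range(5)]
    + [(0, "alice", True)]
    + [(1, f"victim{i:03d}", False) for i in range(40)]
    + [(2, f"regular{i}", False) for i in range(4)]
)

if __name__ == "__main__":
    spikes, flagged_users = detect(EVENTS, BASELINE)
    print(f"global threshold: {global_threshold(BASELINE):.2f} failures/minute")
    print(f"minutes over global threshold: {spikes}")
    print(f"users over per-user limit: {flagged_users}")
```

On the constructed data, the per-user check flags nobody while the global check flags minute 1.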
7. Monitor increases in failed validation of gift card numbers
A rise in failures and traffic to gift card validation could be a signal that bots like GiftGhostBot are trying to steal gift card balances.
8. Pay close attention to public data breaches
Recently stolen credentials can still be active. When a large breach occurs somewhere, bad bots may run those credentials against your site with a high frequency.
9. Evaluate a Bot Mitigation solution
The bot issue is a burden to all. Bots are attacking websites all around the world, day by day. They waste your resources and put a strain on the IT staff.
Nowadays bots even mimic human behaviour and can bypass traditional security tools. So we recommend that you consider evaluating a bot mitigation vendor. Select one that has industry expertise and vigilant support, so that you will be able to get full visibility and control over abusive traffic.