So, whatcha going to do when Bad Bots come for you?
According to a recent report by Distil Networks, Inc.,the global leader in bot detection and migration, it seems like almost every website that has a login page has bad bots. Bad bots are the automated programs used by hackers, fraudsters and competitors to carry out a variety of activities.
To keep up on all the bad bot activity, Distil released its fourth bad bot report entitled “The 2017 Bad Bot report: If you Build it, They Will Come.” It is the most in-depth analysis on the levels of 2016’s bot activity.
The findings in the report suggest that websites that require a login are almost certain to be attacked, with 96% of such sites targeted by malicious bots. Bad bots are the key culprits behind web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, spam, digital ad fraud, and downtime.
Whatcha going to do?
The report also includes attributes that make specific websites appealing to bad bots, including: unique content and/or product and pricing information; sign-up, login, and account pages; payment processors; web forms, such as contact, discussion forums, and reviews.
For smaller organizations, using WordPress or a CMS block bots requests with available plugins. This article by Perishable Press is a quick and easy resource to find free and paid plugins such as: Black holes, BBQs, advice for PHP, database driven sites, and how to access and analyze log files.
For corporate settings, implementing a web application firewall, (WAF) that is dedicated to defending incoming web-based traffic streams in real-time is imperative. You’re going to want to select a vendor with the ability to analyze and classify all incoming traffic to your website and can distinguish between human and bot traffic, and identifies the “good” the “bad” and the “suspected” bots.
In this scenario, the bypass network TAP is deployed between the live network traffic and Imperva’s SecureSphere WAF. By having both devices actively, in-line all traffic is inspected by the WAF. The network bypass TAP ensures network uptime, even in the event of security updates and maintenance.
Don’t let cyber-criminals steal your assets, ruin your reputation or comprise hard-won customer relationships. Learn how to mitigate risk with tips from our whitepaper Protecting the Data: 5 Tools to Fights Against Today's Threats