Seven threats from bots to your site

DDoS attacks remain one of the most discussed topics in the field of information security. Moreover, not everyone knows that bots traffic, which is a tool for such attacks, entails many other dangers for online business. With the help of bots, attackers can not only disable the site, but also steal data, distort business metrics, increase advertising costs, and spoil the reputation of the site. Let us examine the threats in more detail, as well as recall the basic methods of protection.

Parsing

Bots Parsyat (that is, collect) data on third-party sites constantly. They steal content to publish it later without reference to the source. At the same time, the placement of copied content on third-party sites lowers the source resource in search results, which means reducing the audience, sales and advertising revenues of the site. Bots also track prices to sell products cheaper and divert customers. Buy various things to resell more expensive. Can create false orders to load logistic resources and make products unavailable to users.
')
Parsing significantly affects the work of online stores, especially those with the main traffic coming from the aggregator sites. The attackers, after parsing prices, set the cost of the product slightly lower than the original, and this allows them to rise noticeably in the search results. Tourist portals are also often subjected to bots attacks: they steal information about tickets, tours and hotels.

In general, the moral is simple: if your resource has unique content, the bots have already left for you.

You can notice the parsing on sudden bursts of traffic, as well as tracking the pricing policy of competitors. If other sites instantly copy your changes in cost, it means that bots are likely to be involved.

Cheat

Cheating indicators - a concomitant effect of the presence of bots on the site. Every action bots reflected in business metrics. Since the share of illegitimate traffic is palpable, decisions based on resource analytics are often erroneous.

Marketers study how visitors use a resource and make purchases. Look at conversion rate and leads and determine key sales funnels. Companies also conduct A / B tests and, depending on the results, write strategies for the operation of the site. Bots also affect all these indicators, which leads to irrational decisions and excessive marketing costs.
Attackers can use bots and in order to affect the reputation of sites, including social networks. The situation is the same with sites for online voting, where bots often wind up indicators in order to defeat the option they want.

How can I detect cheating:

• Check analytics. The sharp and unexpected growth of any indicator, for example, login attempts, often means a bot attack.
• Track changes in the origin of traffic. It happens that an unusually large number of requests from unusual countries come to the site - it is strange if you didn’t target the campaign.

DDoS attacks

Many have heard of DDoS attacks or even encountered them. It is worth noting that the resource is not always disabled by high traffic. API attacks are often low-frequency, and while the application fails, the firewall and load balancer work as if nothing had happened.

Tripling the traffic to the main page does not affect the performance of the site, but the same load directly on the page with the basket leads to problems, because the application starts sending multiple requests to all components involved in the transaction.

How to detect attacks (the first two points may seem obvious, but do not neglect them):

• Buyers complain that the site is down.
• Site or individual pages are slow.
• The traffic on individual pages grows sharply, a large number of requests appear in the cart or on the payment page.

Hacking personal accounts

BruteForce, or brute force, is organized using bots. For hacking, leaked databases are used. On average, users come up with no more than five password options for all online accounts - and the options are easily matched by bots that check millions of combinations in the shortest possible time. Then the attackers can resell the current combination of logins and passwords.

Also, hackers can take possession of personal accounts and then use them to their advantage. For example, withdraw accumulated bonuses, steal tickets purchased for events - in general, there are a lot of options for further actions.

Recognizing BruteForce is not too difficult: the fact that hackers are trying to hack an account is said by an unusually high number of unsuccessful login attempts. Although it happens that attackers send a small number of requests.

Clicking

Clicking advertisements with bots can lead to significant losses for companies if they are not noticed. During the attack, bots go on ads posted on the site and thereby significantly affect the metrics.

Advertisers, obviously, expect that the banners and videos placed on the sites will be seen by real users. But since the number of impressions is limited, advertising, because of bots, is shown to an ever smaller number of people.

The sites themselves want to increase their profits by advertising. And advertisers, if they see botov traffic, reduce the amount of placements on the site, which leads to losses, and to the deterioration of the reputation of the site.

Experts identify the following types of advertising fraud:

• False views. Bots visit many pages of the site and generate illegitimate ad views.
• Clickfrod. Bots follow advertising links in the search, which leads to an increase in search advertising costs.
• Retargeting. Before bots, bots visit many legitimate sites in order to create a cookie that is more expensive for advertisers.

How to detect click? Usually, after clearing the traffic from fraud, the conversion rate decreases. If you see that the volume of clicks on banners is higher than expected, this indicates the presence of bots on the site. Other indicators of illegitimate traffic can be:

• Growth in ad clicks with minimal conversion.
• Conversion is reduced, although the content of advertising has not changed.
• Multiple clicks from the same IP address.
• Low share of user involvement (including a large number of failures) with an increase in clicks.

Vulnerability Scan

Vulnerability testing is performed by automated programs that look for weaknesses in the site and API. Popular tools include Metasploit, Burp Suite, Grendel Scan and Nmap. Both specially targeted services and intruders can scan the site. Sites agree with hacking experts to test their protection. In this case, the IP addresses of the auditors are entered into white lists.

The attackers test sites without prior agreement. In the future, hackers use the results of checks for their own purposes: for example, they can resell information about the weak points of the site. It happens that resources are scanned not purposefully, but as part of exploiting the vulnerability of third-party resources. Consider WordPress: if a bug is found in any version, the bots search for all sites that use this version. If your resource is in such a list, you can wait for the visit of hackers.

How to detect bots?

To find the weaknesses of the site, attackers first conduct reconnaissance, which leads to an increase in suspicious activity on the site. Filtering bots at this stage will help avoid subsequent attacks. Although bots are difficult to detect, requests to all pages of the site sent from one IP address can become an alarm signal. It is worth paying attention to the growth of requests to non-existent pages.

Spam

Bots can fill out forms with “junk” content without your knowledge. Spammers leave comments and reviews, create fake registrations and orders. The classic method of dealing with bots, CAPTCHA, is in this case ineffective because it annoys real users. In addition, bots have learned to circumvent such tools.

Most often, spam is harmless, but it happens that bots offer dubious services: place ads on the sale of fake items and medicines, promote links to porn sites and lead users to fraudulent resources.

How to detect bots spammers:

• If spam has appeared on your site, then most likely its own bots are placed.
• Your mailing list has many invalid addresses. Bots often leave non-existent e-mails.
• Your partners and advertisers complain that spam leads are coming from your site.

From this article it may seem difficult to fight bots on your own. In fact, the way it is, and it is better to entrust the protection of the site to professionals. Even large companies are often unable to independently track illegitimate traffic and, moreover, filter it, since this requires considerable expertise and high expenses for the IT team.

Variti protects websites and APIs from all types of bots attacks, including fraud, DDoS, click and parsing. Own technology Active Bot Protection allows you to detect and cut off bots without CAPTCHA and blocking IP addresses.