Dealing with bot attacks

Samir Yahyazade
Published in Axel Springer Tech
Oct 18, 2022

In the last couple of years we have begun to see more bot attacks than before.

A bot attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Because each bot is a legitimate Internet device, separating the attack traffic from normal traffic can be difficult.

How can we detect an attack?

  • Suspicious amounts of traffic originating from a single IP address or IP range
  • A flood of traffic from users who share a single behavioral profile, such as device type, geolocation, or web browser version
  • An unexplained surge in requests to a single page or endpoint
  • Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike every 10 minutes)

Bot attacks can target

  • login
  • account creation
  • newsletter signup
  • credit card or payment processing
  • forgot password

The best we can do is to have good protection for all cases.

Now let us look into actions we can take.

WAF and DDoS Protection

We have to analyze incoming network traffic for bad bots, so we can filter them out first. If we block all bots, we can find ourselves blocking indexing bots such as those of Google, Microsoft, Yahoo, etc.

If you have an increased number of requests, the steps below need to be taken:

  • Block countries from where attacks are originating
  • If attacks are following common patterns in requests, block them with firewall rules
  • Block IPs that you think are bad and making more requests than usual
  • Have rate limiting applied; for example, if you are getting 5 requests in 10 seconds to the login endpoint, then block the IP for at least 1 hour
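
The rate-limiting rule from the last bullet, as an added example that is not code from the original post: a sliding-window limiter that blocks an IP for one hour once it makes 5 login requests within 10 seconds. The class and function names and the sample traffic are constructed for illustration; state is kept in one process's memory, and rejecting the fifth request itself is an assumption.

```python
from collections import defaultdict, deque

# Thresholds from the article's example; tune per endpoint.
MAX_REQUESTS = 5        # requests allowed ...
WINDOW_SECONDS = 10     # ... within this sliding window
BLOCK_SECONDS = 3600    # block duration once the limit is hit (1 hour)


class LoginRateLimiter:
    """Sliding-window limiter keyed by client IP (hypothetical helper)."""
    def __init__(self, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS,
                 block=BLOCK_SECONDS):
        self.max_requests = max_requests
        self.window = window
        self.block = block
        self._hits = defaultdict(deque)   # ip -> timestamps inside the window
        self._blocked_until = {}          # ip -> time the block expires

    def allow(self, ip, now):
        """Return True if the request may proceed, False if it is rejected."""
        expires = self._blocked_until.get(ip)
        if expires is not None:
            if now < expires:
                return False              # still blocked; block is not extended
            del self._blocked_until[ip]   # block expired, start fresh

        hits = self._hits[ip]
        # Drop timestamps that have fallen out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        hits.append(now)

        if len(hits) >= self.max_requests:
            self._blocked_until[ip] = now + self.block
            del self._hits[ip]            # free the window state while blocked
            return False
        return True


def replay(events, limiter=None):
    """Feed (timestamp, ip) pairs through the limiter; return the decisions."""
    limiter = limiter or LoginRateLimiter()
    return [(ts, ip, limiter.allow(ip, ts)) for ts, ip in events]


# Constructed sample traffic (documentation IP ranges, seconds since start).
SAMPLE = [(0, "203.0.113.7"), (1, "203.0.113.7"), (2, "198.51.100.4"),
          (3, "203.0.113.7"), (4, "203.0.113.7"), (5, "203.0.113.7"),
          (60, "203.0.113.7"), (3606, "203.0.113.7")]
```

With several application servers, the two dictionaries would need to live in a shared store so that every server sees the same counters and blocks.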

Email Verification

If you are receiving a large number of requests, they can use all kinds of emails, such as valid, not valid and spam inboxes of users. After adding the above steps you have to make sure valid emails are passing through.

  • Email passing regex check
  • Email passing DNS check, so no junk domains are used
  • Validate email with 3rd party checkers

Captcha Validation

Use captcha validation, such as "I am not a robot" or invisible captcha, so that after a request is submitted you can validate it per call.

This way we are making sure only humans can make requests.

All these actions can be a legitimate way of mitigating bot attacks, but sometimes it is not enough, because a flood of attacks comes suddenly, in the blink of an eye, and it can take time and effort to prevent it.

But if you take the above actions, at least you will be able to prevent damage before it goes beyond your control.

Please always feel free to ask questions and contact me via LinkedIn

https://www.linkedin.com/in/syahyazade/
