DDoS attacks remain one of the most discussed topics in the field of information security. At the same time, not everyone knows that bot traffic, which is the tool for such attacks, entails many other dangers for online business. With the help of bots, attackers can not only disable the site, but also steal data, distort business metrics, increase advertising costs, and damage the reputation of the site. We will analyze the threats in more detail, and also recall the basic methods of protection.
Parsing
Bots parse (that is, collect) data on third-party sites constantly. They steal content so that they can publish it later without citing the source. At the same time, the placement of copied content on third-party sites lowers the source resource in the search results, which means a reduction in the audience, sales and advertising revenue of the site. The bots also track prices to sell products cheaper and steal customers. They buy various things in order to resell at a higher price. Can create false orders to load logistics resources and make products inaccessible to users.
Parsing significantly affects the work of online stores, especially those whose main traffic comes from aggregator sites. Attackers, after parsing prices, set the cost of the product slightly lower than the original one, and this allows them to noticeably rise in the search results. Travel portals are also often subject to bot attacks: they steal information about tickets, tours and hotels.
In general, the moral is simple: if your resource has unique content, the bots have already left for you.
Parsing is possible by sudden bursts of traffic, as well as by tracking the pricing policy of competitors. If other sites instantly copy your price changes, then bots are most likely involved.
Cheat
Cheat indicators are a side effect of the presence of bots on the site. Each action of the bots is reflected in business metrics. Since the share of illegitimate traffic is palpable, decisions based on resource analytics are often erroneous.
Marketers study how visitors use a resource and make purchases. Look at conversion rates and leads and identify key sales funnels. Companies also conduct A / B tests and, depending on the results, write strategies for the site. Bots affect all these indicators, which leads to irrational decisions and excessive marketing costs.
Attackers can also use bots to influence the reputation of sites, including social networks. The situation is the same with online voting sites, where bots often cheat indicators in order to win the option that the attackers want.
How to detect cheats:
- Check analytics. A sharp and unexpected increase in some indicator, such as login attempts, often means a bot attack.
- Track changes in the origin of traffic. It happens that the site receives an unusually large number of requests from unusual countries - this is strange if you did not target campaigns to them.
DDoS attacks
Many have heard of or even experienced DDoS attacks. It is worth noting that a resource is not always disabled by high traffic. API attacks are often low-frequency, and while the application crashes, the firewall and load balancer work as if nothing had happened.
Tripling the traffic to the main page may not affect the performance of the site, but the same load directly to the page with the basket leads to problems, as the application begins to send multiple requests to all the components involved in transactions.
How to detect attacks (the first two points may seem obvious, but do not neglect them):
- Customers complain that the site does not work.
- The site or individual pages are slow.
- There is a sharp increase in traffic on individual pages, a large number of requests to the cart or to the payment page.
Hacking personal accounts
BruteForce, or password brute force, is organized with the help of bots. Leaked databases are used for hacking. On average, users come up with no more than five password options for all online accounts - and options are easily picked up by bots that check millions of combinations in the shortest possible time. The attackers can then resell actual combinations of logins and passwords.
Also, hackers can take over personal accounts and then use them to their advantage. For example, withdraw accumulated bonuses, steal purchased tickets to events - in general, there are many options for further actions.
Recognizing BruteForce is not too difficult: the fact that hackers are trying to hack into an account is indicated by an unusually high number of unsuccessful login attempts. Although it happens that attackers send a small number of requests.
Clicking
Clicking on advertisements by bots can lead to significant losses for companies if it is not noticed. During the attack, bots click on the ads posted on the site and thus significantly affect the metrics.
Advertisers obviously expect that the banners and videos placed on the sites will be seen by real users. But since the number of impressions is limited, ads, due to bots, are shown to fewer and fewer people.
The sites themselves want to increase their profits by displaying ads. And advertisers, if they see bot traffic, reduce the volume of placements on the site, which leads to both losses and a deterioration in the reputation of the site.
Experts identify the following types of advertising fraud:
- Fake views. Bots visit many pages of the site and generate illegitimate ad views.
- Clickfraud. Bots click on advertising links in search, which leads to an increase in the cost of search advertising.
- Retargeting. Bots visit many legitimate sites before being clicked to set a cookie, which costs more for advertisers.
How to detect clicks? Usually, after cleaning traffic from fraud, the conversion rate decreases. If you see that the volume of clicks on banners is higher than expected, then this indicates the presence of bots on the site. Other indicators of illegitimate traffic can be:
- The growth of clicks on advertisements with a minimum conversion.
- Conversions are dropping even though the ad content hasn't changed.
- Multiple clicks from the same IP address.
- Low share of user engagement (including a large number of bounces) with an increase in clicks.
Search for vulnerabilities
Vulnerability testing is performed by automated programs that look for weaknesses in the site and API. Popular tools include Metasploit, Burp Suite, Grendel Scan, and Nmap. The site can be scanned both by services specially hired by the company and by attackers. Sites negotiate with hacking specialists to test their protection. In this case, the IP addresses of auditors are entered into whitelists.
Attackers, on the other hand, test sites without prior agreement. In the future, hackers use the results of the checks for their own purposes: for example, they can resell information about the weaknesses of the site. It happens that resources are scanned not purposefully, but as part of exploiting the vulnerability of third-party resources. Take WordPress: if a bug is found in any version, the bots look for all sites that use this version. If your resource is included in such a list, you can expect a visit from hackers.
How to detect bots?
To find the site's weaknesses, attackers first conduct reconnaissance, which leads to an increase in suspicious activity on the site. Filtering bots at this stage will help avoid subsequent attacks. Although bots are difficult to detect, requests sent from the same IP address to all pages of the site can be a wake-up call. It is worth paying attention to the growth of requests to non-existent pages.
Spam
Bots can fill in site forms with "garbage" content without your knowledge. Spammers leave comments and reviews, create fake registrations and orders. The classic method of dealing with bots, CAPTCHA, is ineffective in this case, as it annoys real users. In addition, bots have learned to bypass such tools.
Most often, spam is harmless, but it happens that bots offer dubious services: they place ads for the sale of fake things and medicines, promote links to porn sites and take users to fraudulent resources.
How to detect spammer bots:
- If spam appears on your site, then most likely bots actually place it.
- There are many invalid addresses in your mailing list. Bots often leave non-existent emails.
- Your affiliates and advertisers are complaining that spam leads are coming from your site.
From this article it may seem that it is difficult to deal with bots on your own. In fact, the way it is, and it is better to entrust the protection of the site to professionals. Even large companies are often unable to independently monitor illegitimate traffic and even more so filter it, since this requires significant expertise and high costs for the IT team.
Variti protects websites and APIs from all types of bot attacks, including fraud, DDoS, click-through and scraping. Own Active Bot Protection technology allows you to identify and cut off bots without CAPTCHA and blocking IP addresses.
Source: habr.com