You’ve got bots visiting your website regularly, so how do you keep them in check?
Websites are targeted for various reasons and attacked using a variety of tactics, so there’s no one-size-fits-all solution for defending against bots. However, there are some practical steps you can take to start tackling the issue.
- Block or Use CAPTCHA for Outdated Web Browsers. Many tools and scripts come with default settings that include lists of old web browser versions. While this won’t stop the most advanced attackers, it might discourage some. The risk of blocking outdated browsers is quite low, since modern browsers typically update automatically, making it tough to use old versions for browsing.
- Stop Access from Known Hosting Providers and Proxy Services. Even if highly skilled attackers move to harder-to-block networks, many less skilled ones use easily accessible hosting and proxy services. Denying access from these sources could discourage attackers from targeting your website, API, and mobile apps.
- Safeguard Every Entry Point for Bad Bots. It’s vital to protect exposed APIs and mobile apps, not just your main website. Also, share blocking information between different systems whenever possible. Ensuring that potential backdoor paths are closed is essential.
- Look into Unusual Traffic Spikes. While sudden spikes in traffic might seem like a success, can you pinpoint the exact source of the spike? An unexplained spike could indicate the presence of harmful bot activity.
- Monitor Failed Login Attempts. Set a baseline for failed login attempts and monitor for unusual or sudden increases. Configure alerts to notify you automatically if any anomalies occur. Advanced “low and slow” attacks might not trigger user or session-level alerts, so it’s important to set broader thresholds.
- Stay Alert to Public Data Breaches. Credentials that have recently been stolen are more likely to still be active. Whenever significant breaches occur, you can expect bots to use those credentials more frequently to target your site.
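
The failed-login item above, as an added example that is not part of the original article: a per-IP or per-user limit stays silent when attempts are spread one per source, while a site-wide baseline catches the same hour. The event layout, the thresholds (`PER_KEY_LIMIT`, `SIGMA`) and the log data are constructed assumptions.

```python
from collections import Counter
from statistics import mean, stdev

PER_KEY_LIMIT = 5   # assumed: failures allowed per IP or per user in one hour
SIGMA = 3           # assumed: site-wide alert above mean + 3 standard deviations

def build_sample():
    """Constructed events: one (hour, source_ip, username) tuple per failed login."""
    events = []
    # Hours 0-5: background noise from a few real users mistyping passwords.
    for hour, count in enumerate([18, 22, 20, 19, 21, 20]):
        for i in range(count):
            events.append((hour, f"198.51.100.{i % 10}", f"user{i % 10}"))
    # Hour 6: "low and slow" pattern, a single attempt per IP and per username.
    for i in range(120):
        events.append((6, f"203.0.113.{i}", f"victim{i}"))
    return events

def per_key_alerts(events, hour, field):
    """Return IPs (field=1) or usernames (field=2) over PER_KEY_LIMIT in that hour."""
    counts = Counter(e[field] for e in events if e[0] == hour)
    return sorted(k for k, n in counts.items() if n > PER_KEY_LIMIT)

def sitewide_alert(events, hour, baseline_hours):
    """Compare the hour's total failures against the baseline hours' distribution."""
    totals = Counter(e[0] for e in events)
    base = [totals[h] for h in baseline_hours]
    threshold = mean(base) + SIGMA * stdev(base)
    return totals[hour] > threshold, totals[hour], round(threshold, 1)

if __name__ == "__main__":
    events = build_sample()
    print("per-IP alerts, hour 6:  ", per_key_alerts(events, 6, 1))
    print("per-user alerts, hour 6:", per_key_alerts(events, 6, 2))
    print("site-wide (alert, count, threshold):",
          sitewide_alert(events, 6, range(6)))
```

In production the baseline would normally account for time of day and day of week, so that a busy Monday morning is not compared with a quiet Sunday night.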