- A botnet is a number of Internet-connected computers communicating with other similar machines in which components located on networked computers communicate and coordinate their actions by command and control (C&C) or by passing messages to one another (C&C might be built into the botnet as P2P).
https://en.wikipedia.org/wiki/Botnet
- The word Botnet is formed from the words ‘robot’ and ‘network’. Cybercriminals use special Trojan viruses to breach the security of several users’ computers, take control of each computer and organise all of the infected machines into a network of ‘bots’ that the criminal can remotely manage.
https://usa.kaspersky.com/resource-center/threats/botnet-attacks
Good Bots
These are bots such as Google’s search bots or Pingdom which are operated by well-known and commonly-used services.
Bad Bots
These include comment spammers, SQL Injection worms, vulnerability scanners and other known malicious bots.
Suspected Bots
There are a huge number of bots on the web being used for various purposes. Unwanted bots generate redundant load on the webserver, pose the risk of scraping and content theft while not adding any value to the website itself.
https://www.incapsula.com/website-security/access-control.html
- Browser-based Botnet: Attack Methodology
The attack was executed by an unidentified botnet, which employed browser-based bots that were able to retain cookies and execute JavaScript. Early in the attack they were identified as PhantomJS headless-browsers.
PhantomJS is a development tool that uses a bare-bone (or “headless”) browser, providing its users with full browsing capabilities but no user interface, no buttons, no address bar, etc.
PhantomJS can be used for automation and load monitoring. Besides using human-like bots, the attackers also made an effort to mimic human behavior, presumably to avoid behavior-based security rules.
To that end, the attackers leveraged the number of available IP addresses to split the load in a way that would not trigger rate-limiting. At the same time, by constantly introducing new IPs, the attackers made sure that IP restriction would be just as ineffective.
The bots were also programmed for human-like browsing patterns; accessing the sites from different landing pages and moving through them at a random pace and varied patterns, before converging on the target resource.
However, by using a known headless-browser webkit, the attackers left themselves open to detection by our Client Classification mechanism, which – interestingly enough – uses the same technology as our free plan ‘Bot Filtering’ feature.
In this case, the attackers’ weapon of choice – the PhantomJS webkit – is one of those signatures.
While the attackers were ducking and diving to make their bots look like humans, all our team really had to do was to let our system discover the type of headless-browsers they were using. From there it was a simple task of blocking all PhantomJS instances. We even left a redemption option, offering the visitors to fill a CAPTCHA, just in case any of them were real human visitors.
https://www.incapsula.com/blog/headless-browser-ddos.html
- 5 Bot Mitigation Techniques to Try on Your E-commerce Site
Install bot detection and protection software.
Keep a bot database.
Add CAPTCHAs and honeypots to all forms.
Do a regular sweep for duplicate content.
Watch your PPC campaigns and competitors carefully.
https://resources.distilnetworks.com/all-blog-posts/5-bot-mitigation-techniques-to-try-on-your-ecommerce-site
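As an added example (my own sketch, not code from Incapsula, Distil or any source quoted above), the Python below ties the notes together: a small user-agent "bot database" (assumed lists) that sorts requests into the good/bad/unknown buckets from the access-control note, a per-IP rate check, and the signature check that caught the PhantomJS bots in the headless-browser post even though they spread their load across IPs so thinly that rate limiting saw nothing. All log lines and IP addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Apache combined format), not real traffic: two
# PhantomJS bots send two requests each from their own IP, so a per-IP rate limit
# never fires; a Googlebot hit and an ordinary Firefox browser are mixed in.
PJS_UA = "Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.1.1 Safari/538.1"
SAMPLE_LOG = "\n".join([
    f'203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /products HTTP/1.1" 200 5120 "-" "{PJS_UA}"',
    f'203.0.113.10 - - [10/Oct/2023:13:55:41 +0000] "GET /checkout HTTP/1.1" 200 2048 "-" "{PJS_UA}"',
    f'203.0.113.11 - - [10/Oct/2023:13:55:37 +0000] "GET /about HTTP/1.1" 200 1024 "-" "{PJS_UA}"',
    f'203.0.113.11 - - [10/Oct/2023:13:55:44 +0000] "GET /checkout HTTP/1.1" 200 2048 "-" "{PJS_UA}"',
    '192.0.2.5 - - [10/Oct/2023:13:55:50 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '198.51.100.7 - - [10/Oct/2023:13:55:52 +0000] "GET /products HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/118.0"',
])

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d+) \S+ "[^"]*" "([^"]*)"$')

# Minimal "bot database" (assumed lists, not any vendor's): substrings matched in the User-Agent.
GOOD_BOT_SIGNATURES = ("Googlebot", "Pingdom")   # well-known, commonly used services
BAD_BOT_SIGNATURES = ("PhantomJS",)              # headless-browser tooling seen in the attack

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status, ua = m.groups()
    return {"ip": ip, "method": method, "path": path, "status": int(status), "ua": ua}

def classify_user_agent(ua):
    """Good / bad / unknown: the three buckets used in the access-control note."""
    if any(sig in ua for sig in BAD_BOT_SIGNATURES):
        return "bad"
    if any(sig in ua for sig in GOOD_BOT_SIGNATURES):
        return "good"
    return "unknown"

def rate_limit_offenders(records, threshold):
    """IPs with more than `threshold` requests in the window (the whole sample here)."""
    hits = Counter(r["ip"] for r in records)
    return {ip for ip, n in hits.items() if n > threshold}

def signature_offenders(records):
    # Signature-based: flags the bot IPs no matter how slowly each one browses.
    return {r["ip"] for r in records if classify_user_agent(r["ua"]) == "bad"}

def analyze(log_text, threshold=5):
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    return {"by_class": dict(Counter(classify_user_agent(r["ua"]) for r in records)),
            "rate_limited_ips": rate_limit_offenders(records, threshold),
            "signature_blocked_ips": signature_offenders(records)}
```

Running `analyze(SAMPLE_LOG)` returns an empty `rate_limited_ips` set but both PhantomJS addresses in `signature_blocked_ips`, which is the gap the headless-browser post describes.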