Botnet

• Botnet

A botnet is a number of Internet-connected computers communicating with other similar machines in which components located on networked computers communicate and coordinate their actions by command and control (C&C) or by passing messages to one another (C&C might be built into the botnet as P2P)
https://en.wikipedia.org/wiki/Botnet

• The word Botnet is formed from the words ‘robot’ and ‘network’. Cybercriminals use special Trojan viruses to breach the security of several users’ computers, take control of each computer and organise all of the infected machines into a network of ‘bots’ that the criminal can remotely manage.

https://usa.kaspersky.com/resource-center/threats/botnet-attacks

• Bot Mitigation

Good Bots
These are bots such as Google’s search bots or Pingdom which are operated by well-known and commonly-used services.
Bad Bots
These include comment spammers, SQL Injection worms, vulnerability scanners and other known malicious bots.
Suspected Bots
There are a huge number of bots on the web being used for various purposes. Unwanted bots generate redundant load on the webserver, pose the risk of scraping and content theft while not adding any value to the website itself.

https://www.incapsula.com/website-security/access-control.html

• Browser-based Botnet: Attack Methodology

The attack was executed by an unidentified botnet, which employed browser-based bots that were able to retain cookies and execute JavaScript. Early in the attack they were identified as PhantomJS headless-browsers.
PhantomJS is a development tool that uses a bare-bone (or “headless”) browser, providing its users with full browsing capabilities but no user interface, no buttons, no address bar, etc. PhantomJS’s can be used for automation and load monitoring.besides using human-like bots, the attackers also made an effort to mimic human behavior, presumably to avoid behavior-based security rules. To that end, the attackers leveraged the number of available IP addressed to split the load in a way that would not trigger rate-limiting.At the same time, by constantly introducing new IPs, the attackers made sure that IP restriction would be just as ineffective. The bots were also programmed for human-like browsing patterns; accessing the sites from different landing pages and moving through them at a random pace and varied patterns, before converging on the target resource.
However, by using a known headless-browser webkit, the attackers left themselves open to detection by our Client Classification mechanism, which – interestingly enough – uses the same technology as our free plan ‘Bot Filtering’ feature. in this case, the attackers’ weapon of choice – the PhantomJS webkit – is one of those signatures.
while the attacker were ducking and diving to make their bots look like humans, all our team really had to do was to let our system discover the type of headless-browsers they were using. From there it was a simple task of blocking all PhantomJS instances. We even left a redemption option, offering the visitors to fill a CAPTCHA, just in case any of them were real human visitors.
https://www.incapsula.com/blog/headless-browser-ddos.html

• 5 Bot Mitigation Techniques to Try on Your E-commerce Site

Install bot detection and protection software.
Keep a bot database.
Add CAPTCHAs and honeypots to all forms.
Do a regular sweep for duplicate content.
Watch your PPC campaigns and competitors carefully.
https://resources.distilnetworks.com/all-blog-posts/5-bot-mitigation-techniques-to-try-on-your-ecommerce-site