{"id":18829,"date":"2020-09-24T13:26:20","date_gmt":"2020-09-24T05:26:20","guid":{"rendered":"https:\/\/www.exabytes.sg\/blog\/?p=18829"},"modified":"2020-11-23T14:28:47","modified_gmt":"2020-11-23T06:28:47","slug":"how-to-detect-and-manage-web-bots","status":"publish","type":"post","link":"https:\/\/www.exabytes.sg\/blog\/how-to-detect-and-manage-web-bots\/","title":{"rendered":"How to Detect and Manage Web Bots?"},"content":{"rendered":"<p><span style=\"font-weight: 400;\"><img data-recalc-dims=\"1\" decoding=\"async\" class=\"alignnone wp-image-18830 size-full\" src=\"https:\/\/i0.wp.com\/www.exabytes.sg\/blog\/wp-content\/uploads\/2020\/09\/1200x628-sg-blogpostBanner-how-to-detect-and-manage-web-bots.jpg?resize=696%2C364&#038;ssl=1\" alt=\"\" width=\"696\" height=\"364\" srcset=\"https:\/\/i0.wp.com\/www.exabytes.sg\/blog\/wp-content\/uploads\/2020\/09\/1200x628-sg-blogpostBanner-how-to-detect-and-manage-web-bots.jpg?w=1200&amp;ssl=1 1200w, https:\/\/i0.wp.com\/www.exabytes.sg\/blog\/wp-content\/uploads\/2020\/09\/1200x628-sg-blogpostBanner-how-to-detect-and-manage-web-bots.jpg?resize=300%2C157&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.exabytes.sg\/blog\/wp-content\/uploads\/2020\/09\/1200x628-sg-blogpostBanner-how-to-detect-and-manage-web-bots.jpg?resize=1024%2C536&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.exabytes.sg\/blog\/wp-content\/uploads\/2020\/09\/1200x628-sg-blogpostBanner-how-to-detect-and-manage-web-bots.jpg?resize=768%2C402&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.exabytes.sg\/blog\/wp-content\/uploads\/2020\/09\/1200x628-sg-blogpostBanner-how-to-detect-and-manage-web-bots.jpg?resize=696%2C364&amp;ssl=1 696w, https:\/\/i0.wp.com\/www.exabytes.sg\/blog\/wp-content\/uploads\/2020\/09\/1200x628-sg-blogpostBanner-how-to-detect-and-manage-web-bots.jpg?resize=1068%2C559&amp;ssl=1 1068w, https:\/\/i0.wp.com\/www.exabytes.sg\/blog\/wp-content\/uploads\/2020\/09\/1200x628-sg-blogpostBanner-how-to-detect-and-manage-web-bots.jpg?resize=803%2C420&amp;ssl=1 803w, https:\/\/i0.wp.com\/www.exabytes.sg\/blog\/wp-content\/uploads\/2020\/09\/1200x628-sg-blogpostBanner-how-to-detect-and-manage-web-bots.jpg?resize=218%2C114&amp;ssl=1 218w\" sizes=\"(max-width: 696px) 100vw, 696px\" \/><\/span><\/p>\n<p><span style=\"font-weight: 400;\">Bot detection should be a cybersecurity priority for any businesses with a website or any online presence. <\/span><a href=\"https:\/\/thenextweb.com\/security\/2019\/04\/17\/bots-drove-nearly-40-of-internet-traffic-last-year-and-the-naughty-ones-are-getting-smarter\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Close to 40%<\/span><\/a><span style=\"font-weight: 400;\"> of global web traffic comes from malicious bots, a lot of them are responsible for many serious data breaches, DDoS attacks, and various other cybersecurity threats.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">On the other hand, detecting and filtering out malicious bot traffic is now harder than ever. Today\u2019s bots are so sophisticated in mimicking human behaviors and\/or masking their attack patterns to circumvent the common bot detection solutions.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Today\u2019s 4th-generation of bots have also utilized various AI and machine learning technologies, so an advanced bot detection solution is now a necessity. They are virtually impossible to detect without truly specialized expertise in dealing with both activities and the assistance of AI-based behavioral detection.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In this guide, we will take a look at the current state of malicious bot activities and how they are distributed, the key requirements for a reliable bot detection solution, and how we can properly secure our system from bot-related cybersecurity threats.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let us begin by discussing the current state of malicious bot activities and the challenges in bot detection and filtration.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Current Challenges in Detecting Malicious Bot Traffic<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">First, we have to understand that detecting malicious bot traffic involves two different aspects: differentiating between bot traffic and legitimate human traffic, and then, differentiating between good bots and malicious bots.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Obviously we wouldn\u2019t want to accidentally block our valuable human traffic, and with the sophistication of today\u2019s bots in mimicking human activities, differentiating between human users and bots alone is now pretty challenging. Today\u2019s malicious bots are purposely designed to evade traditional bot detection solutions.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Second, we have to remember that there are \u2018good\u2019 bots we wouldn\u2019t want to block from our site. For example, we wouldn\u2019t want to block Google\u2019s crawler bots, which is useful in getting our site ranked on Google\u2019s SERP. Discerning between these good bots with malicious ones is even more difficult at the moment. We will discuss more about good bots vs malicious bots in the next section.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Internet bots have dramatically evolved in recent years, and in cybersecurity point of view, we can divide these bots into four different generations:\u00a0<\/span><b><\/b><\/p>\n<ul>\n<li><b>Gen-1 bots: <\/b><span style=\"font-weight: 400;\">the first generation bots are built with basic programming languages and are used to perform basic automation tasks like web\/content scraping, carding, comment\/form spamming, and other relatively simple threats. They are often characterized by their use of inconsistent UAs (User-Agents), and they tend to use the same IP addresses. So, IP-based detection and blocking are typically effective.\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li><b>Gen-2 bots: <\/b><span style=\"font-weight: 400;\">second-generation bots typically operate via \u201cheadless\u201d browsers like PhantomJS and headless mode of Chrome or Firefox. Characterized by their ability to execute JavaScript and maintain cookies, so JavaScript-based challenges and CAPTCHAs are ineffective with these gen-2 bots.\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li><b>Gen-3 bots: <\/b><span style=\"font-weight: 400;\">third-generation bots can mimic basic human behaviors and interactions like simple non-linear mouse movements, clicks, irregular keystrokes, and so on. However, they are not yet very sophisticated in simulating human-like randomness.\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li><b>Gen-4 bots:<\/b><span style=\"font-weight: 400;\"> at the moment, the latest generation of bots that can perform sophisticated human-like behaviors like truly non-linear mouse movements and random clicks. Also, 4th-gen bots can change their User-Agents while changing between hundreds or even thousands of IP addresses. With these advanced traits, detecting gen-4 bots is now very challenging.<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">Good Bots VS Bad Bots<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">As briefly discussed, it\u2019s very important to avoid accidentally blocking good bots since they can be really beneficial for our website.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The typical good bots can perform the following tasks:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Index your different pages to parse your content<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Monitor your overall website\u2019s performance (i.e. so it\u2019s available in Google Analytics)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Obtain RSS feed data<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Some cybersecurity solutions use bots to protect your website and webserver<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">On the other hand, bad bots or malicious bots are used for harmful purposes, for example:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Content scraping, the bad bots can strain your bandwidth and might also access data\/information that isn\u2019t supposed to be accessed<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">DDoS attack or other forms of attack to disrupt your site\u2019s performance.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Post spam content (i.e. in the comment section), illegal form generation, and other similar activities<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Click PPC ads so will ruin your cost and ROI<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The damages caused by malicious bots can be extremely serious. It can distort website traffic, causing incorrect metrics, and disturbing the accuracy of your reports. It can steal sensitive data and cause long-term damage to your reputation, and bad bots are often the means of launching DDoS attacks.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This is why properly differentiating traffic coming from good bots and malicious bots are very important if you want to ensure your site\u2019s and business\u2019s cybersecurity. Below we will list some of the major types of good bots so you can identify them properly:\u00a0<\/span><b><\/b><\/p>\n<ul>\n<li><b>Search engine crawlers:<\/b><span style=\"font-weight: 400;\"> like <\/span><a href=\"http:\/\/www.google.com\/bot.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Googlebot<\/span><\/a><span style=\"font-weight: 400;\"> and <\/span><a href=\"https:\/\/www.bing.com\/webmaster\/help\/which-crawlers-does-bing-use-8c184ec0\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Bingbot<\/span><\/a><span style=\"font-weight: 400;\">. As we\u2019ve briefly discussed above, these bots crawl your site to index it for the respective search engine. We can specify how these bots can index our site via the <\/span><a href=\"https:\/\/support.google.com\/webmasters\/answer\/6062608?hl=en\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">robots.txt file<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li><b>Social media bots: <\/b><span style=\"font-weight: 400;\">major social media platforms have their own respective bots to conduct various tasks like driving engagement on their platforms and even engage the users. <\/span><a href=\"https:\/\/developers.facebook.com\/docs\/sharing\/webmasters\/crawler\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Facebook Bot<\/span><\/a><span style=\"font-weight: 400;\"> is an example for this type of bot.<\/span><\/li>\n<\/ul>\n<ul>\n<li><b>Vendor bots: <\/b><span style=\"font-weight: 400;\">for example, <\/span><span style=\"font-weight: 400;\">\u00a0Alexa<\/span><span style=\"font-weight: 400;\"> and <\/span><span style=\"font-weight: 400;\">Slackbot<\/span><span style=\"font-weight: 400;\">. These are the bots that provide information and services related to the vendor\u2019s app.\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li><b>Link checker bots: <\/b><span style=\"font-weight: 400;\">especially owned by SEO analytics solutions, these bots analyze the incoming and outgoing links on a website. <\/span><span style=\"font-weight: 400;\">SEMRushBot<\/span><span style=\"font-weight: 400;\"> owned by SEMRush is a good example for this type of bot.<\/span><\/li>\n<\/ul>\n<ul>\n<li><b>Monitoring bots: <\/b><span style=\"font-weight: 400;\">their main task is to monitor the uptime and performance of the checked websites. <\/span><span style=\"font-weight: 400;\">AlertBot<\/span><span style=\"font-weight: 400;\"> is an example of monitoring bots.<\/span><\/li>\n<\/ul>\n<ul>\n<li><b>Aggregator bots: <\/b><span style=\"font-weight: 400;\">like <\/span><span style=\"font-weight: 400;\">Google Feedfetcher<\/span><span style=\"font-weight: 400;\">, these bots aggregate information from websites and provide users with customized news\/feeds.<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">Managing Good Bots<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">While as discussed, good bots are beneficial for our site and we shouldn\u2019t block them, in certain cases, they can cause harm.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For example, good bot traffic can eat a lot of bandwidth capacity and surpasses the limits of your server, slowing down your site or even causing total failure in the process. This is why before we further discuss how we can detect and block malicious bot activities, we should discuss how we can manage good bots traffic.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Proper management of good bot traffic will also help us further in differentiating between good bots and bad bots to avoid false blocking.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In managing these good bots, it\u2019s important to note that blocking good bots altogether isn\u2019t always recommended, which can produce negative impacts. It\u2019s important to implement whitelisting on good bots that are essential for your site. For example, you\u2019re obviously going to whitelist Googlebot and social media bots in virtually all cases.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is, however, advisable to block good bots that are totally unnecessary for your business. For example, if you don\u2019t have a blog, then blocking aggregator bots might not affect your business at all. You can also implement geographic restrictions to block bots from certain countries. If you don\u2019t serve your business in Asia, for example, you might want to blog all bots from China and Japan. Doing this can help you save your site\u2019s resources.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It\u2019s generally better to always prioritize bots that are critical for your businesses and block\/limit non-crucial ones, and a good practice here is to set up rules in your site\u2019s robots.txt file.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The robots.txt file is a text file that lives on a web server and specifies the rules for any bots who make a request to the website. For example, we can write a rule in the robots.txt file to limit Googlebot from indexing a specific page (i.e. if it\u2019s an old content).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Good bots are <\/span><i><span style=\"font-weight: 400;\">always<\/span><\/i><span style=\"font-weight: 400;\"> programmed to look for robots.txt and follow its specified rules, but it is important to note that bad bots tend to disregard the robots.txt file or even try to use what\u2019s written on robots.txt file to find potential vulnerabilities. So, while defining the rules\/policies for bot behavior in the robots.txt file it\u2019s important, it\u2019s not going to be 100% effective.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Another important thing to consider is that it is a common approach for malicious bots to mask itself as crawler bots or other types of good bots to evade traditional bot detection systems. We can implement measures like reverse DNS lookup, behavior comparison (more on this below), and other techniques to help counter this attack vector.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Two Types of Bot Detection Techniques<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">While there are various different methods in attempting bot detection, they can be boiled down into just two main detection techniques: fingerprinting\/signature-based detection and behavioral-based detection<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\">\n<h3><span style=\"font-weight: 400;\">Fingerprinting-based detection<\/span><\/h3>\n<\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">This family of detection techniques involve recognizing information (the \u2018fingerprints) like the device used by the incoming traffic, browsers used, OS, number of CPU cores, and other signatures and patterns that can be identified.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The main approach here is to collect a set of attributes related to the traffic\u2019s device or browser to characterize the traffic, and then all the attributes collected are analyzed whether they contain any \u2018fingerprint\u2019 of malicious bots.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">While attempting fingerprinting in the context of cybersecurity, it\u2019s safe to assume that attackers and malicious bots are lying about their fingerprints. This is why in security fingerprinting, it\u2019s necessary to collect multiple attributes and compare them to check whether their values are consistent with each other (to identify spoofing).\u00a0<\/span><\/p>\n<h4><b>Browser Fingerprinting<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Browser fingerprinting typically utilizes Javascript to especially check HTTP headers sent by the browser. The main idea in detecting bots using browser fingerprinting is to collect information about the device, operating system (OS), and the browser used. The collected \u2018fingerprint\u2019 is then analyzed via <\/span><a href=\"https:\/\/usa.kaspersky.com\/resource-center\/definitions\/heuristic-analysis\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">heuristic analysis<\/span><\/a><span style=\"font-weight: 400;\"> to check whether the fingerprints belong to known malicious bots and\/or if they have been modified to mask its identity.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Typically heuristics is done in another server since if it\u2019s directly performed in the webserver\/browser, the bot can use it to gain a fingerprinting script and analyze it to check why their bot is detected (and modify it).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It\u2019s common in sophisticated bot activities to remove obvious fingerprints and attributes like attributes for headless browsers (PhantomJS, Selenium, Nightmare, Puppeteer, etc.), so it\u2019s very important in fingerprinting to also check whether the browser\u2019s attributes have been modified. This is why we must perform consistency checks to check for modification:<\/span><\/p>\n<ul>\n<li><b>OS consistency: <\/b><span style=\"font-weight: 400;\">This test is used to check whether the claimed OS in the User-Agent has been modified.\u00a0<\/span><\/li>\n<li><b>Browser consistency: <\/b><span style=\"font-weight: 400;\">we can check if some features that should be present in the claimed browser is present, and we can also use various <\/span><a href=\"https:\/\/support.projectshield.withgoogle.com\/s\/article\/Using-JavaScript-Challenge?language=en_US\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">JavaScript challenges<\/span><\/a><span style=\"font-weight: 400;\"> to check the validity of the claimed browser.\u00a0<\/span><\/li>\n<li><b>Inconsistency in behavior: <\/b><span style=\"font-weight: 400;\">here we check for inconsistencies mainly to detect whether the browser is currently operating in headless mode.\u00a0<\/span><\/li>\n<\/ul>\n<ol>\n<li style=\"font-weight: 400;\">\n<h3><span style=\"font-weight: 400;\">Behavioral-Based Detection<\/span><\/h3>\n<\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Behavioral detection techniques mainly leverage on the differences in behaviors between human users and bots. Bots, for example, can create a perfectly straight line with their mouse movements, but most humans can\u2019t (at least, not at the same speed as a bot). However, as we\u2019ve discussed above, today\u2019s 3rd and especially 4th-gen bots are pretty good in mimicking human behaviors.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Yet, even when these sophisticated bots are already really good in simulating human behaviors, behavioral-based detection techniques are still useful. Even if the behavioral-based detection is ineffective, it\u2019s going to force the malicious bot to constantly mimic human behaviors, which results in them performing the tasks much slower. This will slow down the bots in achieving their objectives, and the attacker may just give up on the attack.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, today\u2019s advanced bot detection solutions have applied machine-learning and AI-based behavioral detection techniques to analyze features extracted from user interactions to better detect gen-4 bots.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In behavioral-based detection, the detection solution can analyze behaviors such as:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Mouse movements (linear or non-linear)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Scrolling speed and randomness<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Keystrokes and the time between two consecutive keys pressed<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Mouse clicks<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The number of pages seen during each session (i.e. bots may see the same number of pages in repeated sessions)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The order of the pages seen if there\u2019s any pattern. Bots tend to follow a certain pattern, especially in web scraping tasks to be more efficient. Humans tend to be more random.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The total number of requests<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The average time spent between two consecutive pages<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Resources blocked\/loaded. To be more efficient, bots may block certain resources like CSS, images, ads, and trackers.<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">Ghost Traffic and How To Deal With Them<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Ghost traffic refers to bots that <\/span><i><span style=\"font-weight: 400;\">do not<\/span><\/i><span style=\"font-weight: 400;\"> visit our site at all, but it will appear in your Analytics reports \u2013 especially in the form of referral traffic from irrelevant sites. Ghost traffic targets Google Analytics servers instead of your web server to add data and distorts your reports.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">What is the purpose of a ghost traffic \u2018attack\u2019? The main purpose is to attract you\u2014the webmaster\u2014to check the source and visit the referral site. Once you visit the referral site, you become vulnerable to the attacker, and the perpetrator can then hack your system, inject malware\/virus, or even just to show you an ad to earn money.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Dealing with ghost traffic is fairly simple: we should filter it from our Analytics reports. First, we need to make a list of all the hostnames sending ghost traffic to your Analytics, which is any domain where your Analytics tracking code is present. Most of the ghost traffic tends to come from \u201c(not set)\u201d hostname or they might use real-looking hostnames (i.e. Facebook.com) but the URL will not match once you\u2019ve checked the <\/span><i><span style=\"font-weight: 400;\">Source <\/span><\/i><span style=\"font-weight: 400;\">tab.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We should first try to get a list of all the hostnames coming to your site, by going to <\/span><b>Audience-&gt; Technology-&gt; Network <\/b><span style=\"font-weight: 400;\">in the reporting section, then selecting <\/span><i><span style=\"font-weight: 400;\">Hostname<\/span><\/i><span style=\"font-weight: 400;\"> as your primary dimension.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The idea is to create a whitelist of genuine hostnames (including your site\u2019s name) you can do this by <\/span><a href=\"https:\/\/support.google.com\/analytics\/answer\/1034324?hl=en\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">creating a regular expression<\/span><\/a><span style=\"font-weight: 400;\"> while including these authentic hostnames. The next thing to do is to create a filter that includes only the valid hostnames:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Click on the Admin section on your Google Analytics dashboard<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Go to Filters, then Add Filter in the View section, then select Custom as your filter type.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Select Hostname, then paste the regular expression you\u2019ve created above under Filter Pattern<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Click Save<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Don\u2019t forget to update your whitelist filter whenever you add your site\u2019s tracking ID to a new website.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Solutions To Block Malicious Bot Traffic<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Now, how should we deal with malicious bot traffic coming to your site? There are several approaches we can implement:\u00a0<\/span><b><\/b><\/p>\n<ul>\n<li><b>Investing in a Bot Management Solution<\/b><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Arguably the best approach, provided you have the budget for it. A bot management solution is a dedicated software\/hardware that will identify and protect your website and system from malicious bot traffic. These solutions typically possess databases listing all the good and bad bots out there that are constantly updated, so you wouldn\u2019t need to worry about accidentally blocking good bots.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The thing is, a <\/span><a href=\"https:\/\/datadome.co\/bot-protection\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">good anti bot management solution like DataDome<\/span><\/a><span style=\"font-weight: 400;\"> is not free, and you\u2019d need to consider whether this investment can fit your current cybersecurity budget.\u00a0<\/span><b><\/b><\/p>\n<ul>\n<li><b>WAF (Web Application Firewall)\u00a0<\/b><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">A web application firewall or WAF is a type of firewall designed to protect your web application (web app), and since most websites nowadays involve the use or web apps, then a WAF is a common solution used by many websites to block bad bots from launching web application attacks.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A WAF acts as a reverse proxy server, sitting between the web application (the webserver) and the client. This way, resources first go to the WAF, where it\u2019s analyzed and filtered, and then once it has passed the \u2018test\u2019, it is sent to the client.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are many free, open-source WAFs to choose from, and there are also advanced, premium ones that can monitor all HTTP requests in real-time. However, WAFs are only effective in blocking web-application attacks, and not in blocking all types of malicious bots.<\/span><b><\/b><\/p>\n<ul>\n<li><b>CAPTCHA<\/b><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">CAPTCHA stands for <\/span><span style=\"font-weight: 400;\">&#8220;Completely Automated Public <\/span><a href=\"https:\/\/en.wikipedia.org\/wiki\/Turing_test\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Turing test<\/span><\/a><span style=\"font-weight: 400;\"> to tell Computers and Humans Apart&#8221;), and as the name suggests, is a common approach to filter out bots and allow human visitors. CAPTCHAs are designed to be (very) easy to solve by human users, and yet very difficult to solve by bots.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Implementing CAPTCHA nowadays is pretty simple, and we can easily use Google\u2019s <\/span><a href=\"https:\/\/developers.google.com\/recaptcha\/docs\/v3\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">reCAPTCHA<\/span><\/a><span style=\"font-weight: 400;\"> for free. However, not only today\u2019s bots are getting better in solving CAPTCHAs, but there are also various CAPTCHA farm services<\/span><span style=\"font-weight: 400;\"> where real humans are paid to solve the CAPTCHA before the bot traffic can take over.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So, think of CAPTCHA as a preliminary security approach in blocking bots instead of a one-size-fits-all answer.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">End Words<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Above we have discussed some of the most effective ways to keep malicious bots away from your website. However, obviously they are not the only ways available. Site owners should always pay close attention to the incoming traffic and implement <\/span><a href=\"https:\/\/datadome.co\/resources\/web-application-security-best-practices\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">the best practices of web application security<\/span><\/a><span style=\"font-weight: 400;\"> to identify and minimize bad bot activities as early as possible.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When left unchecked, bad bot traffic can easily grow into more serious forms of cybersecurity threats such as DDoS attacks, hacking, and even major data breaches.\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bot detection should be a cybersecurity priority for any businesses with a website or any online presence. Close to 40% of global web traffic comes from malicious bots, a lot of them are responsible for many serious data breaches, DDoS attacks, and various other cybersecurity threats.\u00a0 On the other hand, detecting and filtering out malicious [&hellip;]<\/p>\n","protected":false},"author":17,"featured_media":18830,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[293],"tags":[],"class_list":["post-18829","post","type-post","status-publish","format-standard","has-post-thumbnail","category-security-backup"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.exabytes.sg\/blog\/wp-content\/uploads\/2020\/09\/1200x628-sg-blogpostBanner-how-to-detect-and-manage-web-bots.jpg?fit=1200%2C628&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/pbHhPQ-4TH","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.exabytes.sg\/blog\/wp-json\/wp\/v2\/posts\/18829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.exabytes.sg\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.exabytes.sg\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.exabytes.sg\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.exabytes.sg\/blog\/wp-json\/wp\/v2\/comments?post=18829"}],"version-history":[{"count":1,"href":"https:\/\/www.exabytes.sg\/blog\/wp-json\/wp\/v2\/posts\/18829\/revisions"}],"predecessor-version":[{"id":18831,"href":"https:\/\/www.exabytes.sg\/blog\/wp-json\/wp\/v2\/posts\/18829\/revisions\/18831"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.exabytes.sg\/blog\/wp-json\/wp\/v2\/media\/18830"}],"wp:attachment":[{"href":"https:\/\/www.exabytes.sg\/blog\/wp-json\/wp\/v2\/media?parent=18829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.exabytes.sg\/blog\/wp-json\/wp\/v2\/categories?post=18829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.exabytes.sg\/blog\/wp-json\/wp\/v2\/tags?post=18829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}