Bots–software applications that run scripts over the internet–make up more than half of all internet traffic. This creates a major blind spot for IT security teams, as 79% of CISOs and other security leaders said they can’t tell for certain if web traffic comes from humans or bots, according to a recent Radware report.
It’s key to understand that there are good bots and bad bots, said Reid Tatoris, vice president of product outreach and marketing at Distil Networks. “‘Good bots enable search engines to index web content, price comparison services to save consumers money, and market researchers to gauge sentiment on social media, for example,” Tatoris said. These also include chatbots, and search engine and social media bots.
Meanwhile, “‘bad bots are used to conduct a variety of harmful activities, such as denial-of-service attacks, competitive data mining, online fraud, account hijacking, data theft, stealing of intellectual property, unauthorized vulnerability scans, spam, and digital ad fraud,” Tatoris said. These include impersonators, scrapers, hackers, and spambots.
SEE: Security awareness and training policy (Tech Pro Research)
Bad bots are used by many different groups, ranging from organized crime to state actors pushing a political agenda to people trying to make money. But there are ways to tell if your website has been visited by a bot and keep it safe.
Here are five ways to spot a bot.
1. Monitor login attempts
One of the most profitable uses of bots for an attacker is via credential stuffing, the mass-scale automated testing of username and password combinations across multiple websites, according to Patrick Sullivan, Akamai director of security technology and strategy. When successful matches are discovered, attackers use these logins to take over the account for fraud or to resell the confirmed credentials.
One simple step to detect bots is to monitor macro-level success and failure rates of login attempts, Sullivan said. “Regardless of how advanced the bots are and how difficult they are to identify, credential stuffing generates high levels of failed logins,” he added. “Even if fraudsters are careful enough not to trigger account lockouts, they will generate failed logins, which are early warning signs of bot activity.”
2. Check your server logs
One of the first steps to identifying a bot is to check your server logs, said Andrew Swindlehurst, systems admin at PPC Protect Limited. “Every computer that connects to your website will leave a trace on your server,” Swindlehurst said. “With logs of every user that has connected to your website, you can then begin to analyse the users for any suspicious bots.”
Most bots will visit the same website regularly, even several times a day, he said. “If you keep seeing the same IP address pop up on your logs, then the chances are they could be a bot,” he added. You can check the IP addresses, location, and hostname manually, using a website like IPAvoid. If the IP is included on a blacklist or is not a residential address, there’s a strong chance that it’s a bot.
3. Check your email outbox
If your Sent messages folder contains messages that have been drafted, sent, or returned to you that you did not write, this is a tell-tale sign that you may have been visited by a bot, said Steve Pritchard, search content manager at giffgaff. “The bot is then intending to infiltrate the computers of your email contacts by sending them emails riddled with malware,” Pritchard said.
4. Watch if your website slows down or crashes
“Bots move fast across websites and do so in hoards, so you get a lot of server requests per second, which can overload the system and cause a major slowdown in loading times,” said Tatoris. “The result is that you end up spending more money on server costs for traffic that doesn’t translate into any benefit for your business. In addition, any humans who try to visit your site or make a purchase at a time when the site slows down will typically leave and take their business somewhere else.”
5. Check if your site content shows up elsewhere on the internet
Bots can sometimes copy website content and post it elsewhere without permission, Tatoris said. “The site Copyscape can help you to determine whether or not any of your site information has been posted elsewhere on the internet,” he added. “If you enter in the URL of a page from your website into their search field, they will return any pages that have high percentage matches to the content on the referenced page. While this isn’t a sure fire way of telling whether your content has been copied, it can potentially give you some idea.”
For more information on how to secure your devices from bots, click here.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays