
Understanding Web Bots and How They Hurt Your Business

Published in: Technology

  1. Understanding Web Bots and How They Hurt Your Business
     Presented by: Orion Cassetto, Sr. Product Marketing Manager, Incapsula
  2. Incapsula Webinar
     • Thanks for joining!
     • The webinar is about 30 minutes long
     • Questions will be answered after the session
     • Please submit your questions using
       > the chat window
       > Or tweet them to @orionevolution
     Incapsula, Inc. / Proprietary and Confidential. All Rights Reserved.
  3. Speaker Bio – Orion Cassetto
     • Sr. Product Marketing Manager for Incapsula
     • Previously held product marketing positions at Imperva and Armorize Technologies
     • Experienced in Web app security and SaaS security solutions
     • Holds degrees in Asian Studies and Chinese Language from Washington State University
  4. Overview
     • An overview of Bot technology
     • How bots are used for Hacking and Denial of Service Attacks
     • The Impact of Content Scraping on Websites
     • Suggestions for Bot detection and Mitigation
  5. What is an Internet Bot?
     • A bot is a software program that runs automated tasks over the internet
     • Bots typically perform simple, repetitive tasks
     • They are able to operate at a higher speed than humans can achieve
  6. Popular Legitimate Uses for Web Bots
     Bots tend to visit websites in regular cycles performing tasks like
     • Search Engine Crawling
       > Google
       > Bing
       > Yandex
       > Baidu
     • Website Health Monitoring
     • Fetching Web Content
     • Web vulnerability Scanning
     • Operating APIs (Application Programming Interfaces)
  7. Automated Clients are the Majority of Web Traffic
     • Over 61% of all website traffic is non-human (61.5% Non-Human Traffic, 38.5% Human Traffic)
     • 1/2 of that is malicious
  8. The Impact of Bots on Website Security
     Good Bots
     • Search Engine Crawling
     • Website Health Monitoring
     • Vulnerability Scanning
     • Fetching Content
     • Powering APIs
     Bad Bots
     • DDoS
     • Site Scraping
     • Comment Spam
     • SEO Spam
     • Fraud
     • Vulnerability scanning
  9. Evolution of Bots
     • Bots are increasingly able to imitate browser and human behavior
     • Browser-based bots which live inside of infected browsers are becoming more sophisticated
  10. Imposter Google Bots are on the Rise
     • Googlebots visit websites an average of 187 times per day
     • 24% of them are fake
  11. Imposter Google Bots are on the Rise
     [Chart: Google Imposter Bots by Activity Type]
  12. How bots are used for Hacking
  13. Bots and Comment Spam
     • What is Comment Spam
       > Posts in comment sections on websites allegedly linking to:
         - Streams of popular TV shows
         - Cheap Shoes
         - Designer bags, etc.
     • How bots are involved
       > Bots are used to automatically find victim sites and insert spam posts
     • Why it matters
       > Comment spam is frequently responsible for
         - Worse user experiences
         - Lower website conversions (links usually exit your site)
         - Malware distribution (infecting your visitors)
  14. Bots and Click Fraud
     • What is click fraud?
       > When a person or automated script imitates a legitimate user of a web browser clicking on a pay-per-click ad
     • How bots are involved
       > Bots are created which can click on ads at a rate unachievable by humans
     • Click fraud can be used as a weapon for
       - Competitors of advertisers
       - Competitors of publishers
  15. SEO Referral Spam
     What is it?
       1. Semalt is a Ukrainian search engine optimization (SEO) “company”
       2. They used malware to hijack computers and create a giant botnet
       3. This botnet visits sites across the internet with fake referral sources
     What damage could this cause your website?
     • Long term SEO Damage to your website’s rankings
     • Complete search engine result page blacklisting and removal
  16. Bots for Distributed Denial Of Service (DDoS) Attacks
     • DDoS attacks are attacks where many infected computers band together to attack a single target
     • These attacks exhaust network connections and server resources, causing website outages
  17. How DDoS Attacks Impact Site Availability
     • DDoS attacks make your website completely inaccessible
     • If website availability is important to you, then DDoS protection should be too
     • Any application without a DDoS mitigation strategy is at risk
     [Diagram labels: Legitimate Traffic, DDoS Bots, Your ISP, Your Internet Connection, Your Site]
  18. Bots as Website Reconnaissance
     • Website Vulnerability Scanners
       > Powered by bots
       > Crawl websites searching for security flaws
       > Typically used by website owners
       > Provide operators with a list of website vulnerabilities
       > Can also be used by Hackers
     [Figure label: List of Vulnerabilities]
  19. Websites Have Many Vulnerabilities
     • 96% of web applications have vulnerabilities
     • 13% of websites can be compromised automatically
     Sources: Cenzic, Inc. – Feb. 2014, Incapsula, Inc. – 2013
  20. The Impact Of Site Scraping Bots
  21. Types of Scraping - Site Scraping
     • Site Scraping is when a bot visits a website to copy or steal content
     • Usually done by reading and parsing web page source code
     [Diagram labels: Your Site, Their Site, Your Code, Your Content]
  22. Types of Scraping - Database Scraping
     • Database Scraping is when bots enter all possible parameters into an application to retrieve content from a database
       > Example of a car insurance site
         - Male, 25, Honda $X / Month
         - Male, 25, Toyota $Y / Month
         - Male, 25, Ferrari $Z / Month
     • Can be used to steal intellectual property, underwriting, pricelists, customer lists, etc.
     [Diagram labels: Bot, Your Site, Your DB, Your DB Content]
  23. Sanctioned Uses for Site Scraping
     • Obtaining or Distributing Public information
       > Weather data
       > Government data
       > Economic data
     • Aggregator Sites
       > Travel Sites
       > Shopping Aggregators
       > Hotel booking
       > Concert Tickets
  24. How Site Scraping Can Hurt Your Business
     • Site Scraping can lead to IP theft or Competitive Disadvantage

     Randy's Rental Car    Competitor Rental Car
     $30/day               $29/day
     $35/day               $34/day
     $45/day               $44/day
     $50/day               $49/day
     $65/day               $64/day
     $85/day               $84/day
  25. Identifying and Mitigating Bots
  26. Inspecting Website Traffic for Bots
     • Static approach:
       > Structure of web requests
       > Header information
       > Visitor browser agent info
     • Progressive Challenge approach
       > Cookies
       > JS
       > CAPTCHA
     • Behavioral Approach
       > Order and frequency of requests
       > Interaction between clients and servers
       > JavaScript Injection to actively classify clients
  27. What about using Robots.txt ?!?
     • What is Robots.txt?
       > It is a list of rules for the bots visiting your website
     • Can’t I use it to block bad bots?
       > In theory, yes. In reality, no.
     Bad bots ignore the rules!
  28. Identify and Block Bad Bots
     • Implement a solution which can block bad bots to prevent
       > Comment Spam
       > Site Scraping
       > Vulnerability Scanning
       > Automated SEO Poisoning
     • Maintain site access for good Bots
     • Bot Mitigation can be
       > Standalone service
       > Part of other tools like WAFs or application delivery controllers
  29. Website Security and Performance in Minutes with a Simple DNS Change
     By routing website traffic through the Incapsula network, malicious traffic is blocked, and legitimate traffic is accelerated.
     [Diagram labels: Legitimate Traffic, Incapsula Network, Your Website]
     For a Free Trial of Incapsula visit us at www.Incapsula.com
  30. Please send follow up questions to info@incapsula.com
     Thank you
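
The static and behavioral checks from slide 26, combined with the robots.txt point from slide 27, as an added example that is not part of the original deck: a log classifier that flags clients with no browser agent string, clients that fetch paths robots.txt disallows, and clients whose request frequency exceeds a threshold. The robots.txt rules, log lines, IP addresses, reason labels and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.robotparser import RobotFileParser

# Constructed sample data (not from the slides).
ROBOTS_TXT = ["User-agent: *", "Disallow: /admin/", "Disallow: /pricing/export"]
LINE = '{ip} - - [10/Mar/2015:10:{t} +0000] "GET {path} HTTP/1.1" 200 310 "-" "{ua}"'
SAMPLE_LOG = (
    [LINE.format(ip="192.0.2.10", t="00:05", path="/", ua="Mozilla/5.0"),
     LINE.format(ip="192.0.2.10", t="02:40", path="/about", ua="Mozilla/5.0"),
     LINE.format(ip="203.0.113.5", t="01:00", path="/admin/login", ua="-")]
    # Parameter enumeration as on the database-scraping slide: 6 quotes in 6 seconds.
    + [LINE.format(ip="198.51.100.7", t=f"03:0{i}", path=f"/quote?car={i}",
                   ua="Mozilla/5.0") for i in range(6)]
)
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def classify(log_lines, robots_lines, max_hits=5, window_s=10):
    """Return {client_ip: sorted list of reasons the client looks automated}."""
    robots = RobotFileParser()
    robots.parse(robots_lines)
    reasons, times = defaultdict(set), defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, path, ua = m.groups()
        times[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
        if ua in ("", "-"):                    # static: no browser agent info
            reasons[ip].add("missing-user-agent")
        if not robots.can_fetch("*", path):    # client ignored the robots.txt rules
            reasons[ip].add("robots-disallowed-path")
    for ip, stamps in times.items():           # behavioral: request frequency
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            while (t - stamps[start]).total_seconds() > window_s:
                start += 1                     # slide the window forward
            if end - start + 1 > max_hits:
                reasons[ip].add("high-request-rate")
    return {ip: sorted(found) for ip, found in reasons.items()}

if __name__ == "__main__":
    for ip, why in classify(SAMPLE_LOG, ROBOTS_TXT).items():
        print(ip, why)
```

Because good bots also crawl quickly, the output is a list of candidates for review or for a progressive challenge, not a block list.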
