Meet Us at AWS re:Invent 2019 | Book a Meeting Now

How To Block Bot Traffic

What are the available options? Commonly used bot blocking methods usually involve rule-based measures such as blocking IP ranges, countries, and data centers known to host bots — as well as Web Application Firewalls (WAF) and Access Control Lists (ACL) — but these methods are ineffective in detecting the newest, most sophisticated bots that have evolved to emulate human behavior.

The drawbacks of using conventional approaches Earlier generations of relatively primitive bots could be easily detected and blocked because of certain characteristics — such as being unable to run JavaScript, using headless browsers, visiting from IP addresses known for bot origination, using automation tools, or machine-like mouse movements and page traversals, for example. However, such simple, interaction-based methods of analysis are not effective in detecting the sophisticated bots that are being deployed today. Ascertaining intent is crucial for a sophisticated bot mitigation solution to block bots.

The need for a specialized approach Bots today are far more technically advanced and human-like in their behavior when compared to the simple first and second-generation bots from over a decade ago. A large number of sophisticated attacks are either massively distributed or adequately ‘low and slow’ to operate under the permissible limits of rule-based security measures such as IP blacklists, WAFs and ACLs. In addition, bots mutate their characteristics and behavior to try to evade detection, which makes detection of their intent a crucial factor for Bot Risk Management (BRM) solutions.

Why a dedicated bot mitigation solution is essential Conventional bot mitigation solutions try to analyze visitors’ interactions with the website or app — such as mouse movements, click patterns, and page traversals. However, these approaches are becoming increasingly ineffective, because bots with advanced human-like interaction capabilities are able to evade these measures. Instead of analyzing interactions, a solution such as ShieldSquare tries to understand the intent of highly sophisticated non-human traffic by using proprietary techniques such as Intent-based Deep Behavior Analysis (IDBA) that leverage AI and Machine Learning. As bots continue to evolve, such approaches provide significantly higher levels of accuracy in detecting bots.

Step Up and Take Action

Powered by Think201