How Can Bots Be Prevented?

Bad bots, computer programs that mimic human behaviour, are a growing threat to businesses, costing them billions of dollars every year in fraud and data theft. What can you do about it?

A recent study found that companies are losing about 3.6% of their revenue to bots. According to the study, 60% of sampled organisations detected attacks on APIs and 39% detected attacks on mobile apps.

Source: netacea.com

But you can take steps to protect your mobile app from bad bot attacks. Below, we outline six steps you can take to minimise the chances of bad bots infiltrating your platform.

1. Block or CAPTCHA outdated user agents/browsers

Bad bots often masquerade as old browsers or devices when they make requests to your server. By blocking requests from outdated user agents/browsers, you can reduce the number of bad bot requests your server receives. Thankfully, most modern browsers force auto-updates on users.

2. Block known hosting providers and proxy services

Many bad bot requests come from compromised computers that are part of a botnet. These computers are usually located on shared hosting providers or proxy services. You can prevent many bad bot requests from reaching your server by blocking known hosting providers and proxy services, although you should be aware that masking where communications come from is not too complex.

3. Protect all bad bot entry points

Bad bots will try to access your website or app through any open door, including any unprotected API endpoints. Protecting all of your entry points with authentication and authorization can make it harder for bad bots to reach your server, although it should be noted that credential stuffing attacks do use valid usernames and passwords.

4. Evaluate traffic sources

If you see sudden spikes in traffic from unknown sources, it could be a sign that someone is using a bot to DDoS your website or app. By monitoring traffic sources, you can quickly identify and block malicious traffic before it does any damage.

5. Investigate traffic spikes

Not all traffic spikes are caused by bad bots. But if you see a sudden spike in traffic that doesn't match up with any changes you've made to your platform, it's worth investigating further. It may indicate that someone is trying to DDoS your site or steal data from your app.

6. Monitor failed login attempts

A high number of failed login attempts may indicate that someone is using a brute force attack to gain access to your app, e.g. a credential stuffing attack. By monitoring failed login attempts, you can quickly identify when you are under siege and minimise the damage.
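As an added example (not from the original article or from Approov), here is a small detector for step 6 that runs over constructed authentication log lines and separates the two failure patterns the article mentions: many distinct usernames from one source (credential stuffing) versus repeated failures against one account (password brute force). The log format, thresholds and window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from the article):
# "<ISO timestamp> <client IP> <username> <FAIL|OK>"
SAMPLE_LOG = """\
2022-09-01T10:00:01 203.0.113.7 alice FAIL
2022-09-01T10:00:02 203.0.113.7 bob FAIL
2022-09-01T10:00:02 203.0.113.7 carol FAIL
2022-09-01T10:00:03 203.0.113.7 dave FAIL
2022-09-01T10:00:03 203.0.113.7 erin FAIL
2022-09-01T10:00:10 198.51.100.2 alice FAIL
2022-09-01T10:01:10 198.51.100.2 alice OK
2022-09-01T10:02:00 192.0.2.9 admin FAIL
2022-09-01T10:02:01 192.0.2.9 admin FAIL
2022-09-01T10:02:02 192.0.2.9 admin FAIL
2022-09-01T10:02:03 192.0.2.9 admin FAIL
2022-09-01T10:02:04 192.0.2.9 admin FAIL
"""

def parse_log(text):
    """Parse log lines into (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events

def classify_sources(events, window=timedelta(minutes=5), min_failures=5, min_users=3):
    """Return {ip: label} for sources reaching min_failures failed logins inside
    any sliding window (thresholds are assumed values, tune them per platform)."""
    fails_by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails_by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in fails_by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`
            while fails[end][0] - fails[start][0] > window:
                start += 1
            in_window = fails[start:end + 1]
            if len(in_window) < min_failures:
                continue
            # Many distinct accounts from one source = stuffing; few = brute force
            distinct = len({u for _, u in in_window})
            flagged[ip] = "credential_stuffing" if distinct >= min_users else "brute_force"
    return flagged
```

A source with only a couple of failures followed by a success (198.51.100.2 above) stays unflagged, which keeps ordinary typo-prone users out of the alert.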

Most of the above recommendations are generic in that they can be applied to all web traffic entering your platform. Many of them are also 'after the fact' in that they may help you to identify when you have been attacked or are under attack.

Clearly it's preferable to identify and block bad bot traffic at the edge, before it enters your backend infrastructure and causes damage and increases your operating costs. Further, it should be recognised that traffic actually coming from your mobile app is particularly difficult to distinguish from traffic claiming to come from your mobile app; after all, your API key may be stored inside your mobile app code.

So how should you deal with this risk?

Invest in a bot protection solution for mobile

The best way to protect your mobile business from bot attacks is to invest in a bot protection solution like Approov. Approov uses a runtime attestation system that verifies the integrity and origin of every request made to your mobile backend APIs using cryptographically signed tokens bound to the requesting device/app pair, protecting against automated bot attacks, malicious replay recordings, and fraudsters as well as preventing man-in-the-middle (MitM) hijacks and other active breaches. Try out Approov for free today.

https://securityboulevard.com/2022/09/how-can-bots-be-prevented/
