Basic Bot Protection
The most basic of bots can be identified using various signatures. The Barracuda WAF product line comes with an on-board signature database with over 10,000 bot entries collated from various sources. These entries, along with capabilities like reverse DNS lookups, Honeytraps and JS-based challenges are used to quickly and accurately identify the simpler bots. Once identified, the good ones are allowed through, and the bad ones are blocked immediately.
Competitors and other third parties often use automated scripts to steal pricing and other content in real-time. Price scraping and content scraping results in reduced customer visits and conversions. The ABP solution uses a number of signals – page access speeds, page access patterns, client telemetry (IP, SSL Fingerprint) etc – to identify and block possible web scraping attempts.
Brute Force attacks are typically used during reconnaissance attempts – these include attacks like directory traversal, credential cracking etc. The Barracuda WAF product line can identify brute force attempts from individual clients and block them.
Bot Spam takes various forms – it can be in the form of referrer spam, polluting your website analytics. Alternatively, it can present as Form Spam, with thousands of spurious signups on your internet facing forms. Either way, you end up with skewed data that can take forever to clean up. Barracuda ABP uses several methods to identify and block such spam, including learning all the forms on a website and the time taken to fill the form. It then uses these learned parameters to identify spammers and block them.
Blocking an entire IP address for bad behavior causes significant problems. This method can be used for known problem IP ranges, such as hosting providers, TOR ranges etc, but in most cases, an IP address may have hundreds or more users behind it. The Barracuda ABP systems uses passive and active methods to fingerprint each client beyond the IP, down to the browser level. This allows you to block a single misbehaving client down to the browser level, reducing the blast radius of the block.
Bots come from a variety of sources – home IP addresses, datacenters, VPS, consumer VPN providers and Tor. In some cases, it is quite easy to stop bots by blocking entire IP ranges, like VPS providers or datacenters. The Barracuda WAF product line provides several such IP categories, including reputation-based lists to proactively block attackers and bots at the IP level.