Basic Bot Protection

The most basic of bots can be identified using various signatures. The Barracuda WAF product line comes with an on-board signature database with over 10,000 bot entries collated from various sources. These entries, along with capabilities like reverse DNS lookups, honeytraps and JS-based challenges, are used to quickly and accurately identify the simpler bots. Once identified, the good ones are allowed through, and the bad ones are blocked immediately.

Competitors and other third parties often use automated scripts to steal pricing and other content in real time. Price scraping and content scraping result in reduced customer visits and conversions. The ABP solution uses a number of signals – page access speeds, page access patterns, client telemetry (IP, SSL fingerprint) and so on – to identify and block possible web scraping attempts.

Brute force attacks are typically used during reconnaissance attempts – these include attacks like directory traversal, credential cracking, etc. The Barracuda WAF product line can identify brute force attempts from individual clients and block them.

Bot spam takes various forms. It can appear as referrer spam, polluting your website analytics. Alternatively, it can present as form spam, with thousands of spurious signups on your internet-facing forms. Either way, you end up with skewed data that can take forever to clean up. Barracuda ABP uses several methods to identify and block such spam, including learning all the forms on a website and the time taken to fill each form. It then uses these learned parameters to identify spammers and block them.
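The fill-time idea described above can be sketched as follows. This is an added example, not Barracuda's code: the form paths, client ids, timings, the median/MAD threshold and the 2-second floor are all assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed training data: seconds between form render and submit,
# per form path, from sessions assumed to be human.
TRAINING = {
    "/signup": [38.0, 42.5, 51.0, 47.2, 35.8, 60.1, 44.0],
    "/contact": [75.0, 92.3, 110.4, 88.0, 130.2, 97.5],
}

# Constructed submissions: (form path, client id, fill time in seconds).
SUBMISSIONS = [
    ("/signup", "client-a", 41.0),
    ("/signup", "client-b", 0.8),
    ("/signup", "client-b", 1.1),
    ("/contact", "client-c", 85.0),
    ("/contact", "client-d", 3.0),
    ("/newsletter", "client-e", 0.5),  # form that was never learned
]

def learn_baselines(training):
    """Per form, return the lowest fill time still treated as human."""
    baselines = {}
    for form, times in training.items():
        med = statistics.median(times)
        # Median absolute deviation: robust to a few very slow users.
        mad = statistics.median([abs(t - med) for t in times])
        # Median minus 3 scaled MADs, never below a 2-second floor.
        baselines[form] = max(2.0, med - 3 * 1.4826 * mad)
    return baselines

def flag_spam(submissions, baselines):
    """Return {client: count} of submissions faster than the baseline."""
    flagged = defaultdict(int)
    for form, client, seconds in submissions:
        threshold = baselines.get(form)
        if threshold is None:
            continue  # unlearned form: no baseline, so no verdict
        if seconds < threshold:
            flagged[client] += 1
    return dict(flagged)

if __name__ == "__main__":
    print(flag_spam(SUBMISSIONS, learn_baselines(TRAINING)))
```

A submission to a form with no learned baseline is deliberately left unjudged here; fill time alone is a weak signal and would normally be combined with the other signals the page lists.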

Blocking an entire IP address for bad behavior causes significant problems. This method can be used for known problem IP ranges, such as hosting providers, Tor ranges, etc., but in most cases, an IP address may have hundreds or more users behind it. The Barracuda ABP system uses passive and active methods to fingerprint each client beyond the IP, down to the browser level. This allows you to block a single misbehaving client down to the browser level, reducing the blast radius of the block.

Bots come from a variety of sources – home IP addresses, datacenters, VPS, consumer VPN providers and Tor. In some cases, it is quite easy to stop bots by blocking entire IP ranges, like VPS providers or datacenters. The Barracuda WAF product line provides several such IP categories, including reputation-based lists to proactively block attackers and bots at the IP level.

Advanced Bot Protection

Credential stuffing and spraying attacks have been used to compromise household names the world over with account takeover attacks. Attackers use bots and breached credential lists to perform low and slow brute force attacks and take over user accounts. Barracuda ABP hosts a cloud database of breached credentials and validates incoming logins against this database. When a hit is found, you can then block the attacker and secure the user account.
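The breached-credential check described above, combined with per-client fingerprinting rather than per-IP counting, can be sketched like this. It is an added example, not Barracuda's code: the credential set, login events, fingerprint ids, the plain SHA-256 lookup and the `min_hits` threshold are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

def cred_hash(username, password):
    """Hash a credential pair so the lookup set holds no plaintext.
    Plain SHA-256 is an assumption made to keep the example short."""
    data = username.lower().encode() + b"\x00" + password.encode()
    return hashlib.sha256(data).hexdigest()

# Constructed stand-in for a breached-credential database.
BREACHED = {
    cred_hash("alice@example.com", "Summer2019!"),
    cred_hash("bob@example.com", "qwerty123"),
    cred_hash("carol@example.com", "letmein"),
}

# Constructed login events:
# (client fingerprint, source IP, username, password, login succeeded)
LOGINS = [
    ("fp-1", "198.51.100.7", "alice@example.com", "Summer2019!", False),
    ("fp-1", "203.0.113.20", "bob@example.com", "qwerty123", True),
    ("fp-2", "198.51.100.7", "dave@example.com", "correct horse", True),
    ("fp-1", "192.0.2.44", "carol@example.com", "letmein", False),
    ("fp-3", "192.0.2.90", "alice@example.com", "Summer2019!", False),
]

def triage(logins, breached, min_hits=2):
    """Return (fingerprints to block, accounts to secure).

    A fingerprint is blocked once it has presented breached credentials
    for at least min_hits distinct accounts, however many source IPs it
    rotated through. An account is secured when a breached credential
    actually logged in.
    """
    hits = defaultdict(set)
    to_secure = set()
    for fingerprint, _ip, user, password, succeeded in logins:
        if cred_hash(user, password) in breached:
            hits[fingerprint].add(user.lower())
            if succeeded:
                to_secure.add(user.lower())
    block = sorted(fp for fp, users in hits.items() if len(users) >= min_hits)
    return block, sorted(to_secure)

if __name__ == "__main__":
    print(triage(LOGINS, BREACHED))
```

In the sample data `fp-1` spreads three attempts over three IP addresses, so per-IP counting would see one attempt each; `fp-3` has a single hit and is left alone because it may be the real user reusing an old password.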

Today’s bots are built to be almost human in their behavior. Standard signature checks and validations do not always catch these bots. Barracuda ABP’s cloud-based detection identifies the most advanced bots within the first few requests using a combination of website-specific rules and machine learning models. The website-specific rules are built by our system for each application you onboard, leading to a very low false positive rate. Since the ML system is built in the cloud, new bot detection models that are deployed are usable by all connected systems without needing a firmware upgrade.

The Barracuda ABP system gets data from a massive honeypot network which collects many forms of threat intelligence beyond web attacks. This intelligence is combined with other data we see in production systems the world over, and a curated crowd-sourced threat intelligence stream is available to every ABP customer.

Defensive and Offensive Responses

Blocking a bot stops the bot at that point in time. However, the bot is now free to try coming in from a different IP or fingerprint to try and access your website again. One of the responses available to you with Barracuda ABP is the ability to tarpit a client. When a client is identified as being malicious, they can be put into a tarpit, where they are actively slowed down to near-unusable speeds. The bot spends a lot of time trying to access the site but does not get very far for its effort because it is continually slowed down.

The Barracuda WAF product line offers both an internal alphanumeric CAPTCHA and integration with Google reCAPTCHA v2 and reCAPTCHA v3. When clients are identified as being suspicious, you can choose to issue any of these to validate the client as either human or bot.


The Barracuda WAF product line provides you with on-board reporting of bot traffic. The reporting module has many reports that provide deep visibility into the amount of bot traffic, the types of bots and detailed looks at the types of attacks and responses. You can get reports on the bot traffic levels, the number of credential stuffing attacks versus the number of requests, the number of CAPTCHAs issued versus the number solved and much more.

The cloud-based Advanced Analytics Dashboard is driven by data from your websites connected to the Barracuda ABP solution. The AAD provides a deep look into your bot traffic statistics. On the dashboard, you can drill right down to the level of each detected bot – and see details about its visits to your application, the amount of traffic it has generated, source IP address and more. The data provides you with a deep historical look at bot traffic, and its effects on your application.