Follow

Automated Threats Policy

Configure an Automated Threats Policy to protect your site from known violators, identities, aggregator user agents, known violator data centers, and automated browsers.

NOTE: This feature is available to domains that have been migrated to the latest version of Distil.

Known Violators

Distil maintains a shared access control list (ACL) of prior threats that have already been detected across our network. For example, if we have detected a known violator on another site, your own site is automatically protected from that threat.

Known Violator Data Centers (KVDC)

Distil also maintains a list of data centers that commonly host malicious requests. Blocking any traffic from such data centers on first request, the list includes both common cloud and managed hosting providers (e.g., Amazon and Rackspace). Distil is continually curating and updating our KVDC list.

Identities

Distil verifies the identity of incoming requests. Malicious bots can easily spoof user agents by masquerading as a good bot (e.g., Googlebot). Distil forces two-factor authentication for all good bots, verifying that they’re coming from correct user agents. We then confirm that each request maps to one of the IP addresses within the range of the corresponding bot. If it doesn’t, the request is flagged as a malicious attempt.

Aggregator User Agents

Next, Distil checks a homegrown list of known malicious aggregator user agents. These provide zero value to your site and can also crawl certain parts of it in a harsh manner—potentially impacting performance and reliability. Unless you require complete and open access to such tools as RSS or Atom feeds, Distil recommends blocking these request types.

Automated Browsers

This final step examines different automation tools that might be built into the browser, such as Selenium and PhantomJS. Distil catches these types of tools by using stream injections with small JavaScript snippets or embedding honeypot links to see if a bot gets caught in those types of traps. This is all done asynchronously with the page load; your site doesn’t experience negative performance issues on account of these actions.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments