The tutorial video below covers the same topics as this article.
More than just a list of IP addresses associated with bad bots, the Bad Bots report provides a dynamic picture of unwanted traffic targeting your site. It consists of a table that lists each bad bot's name, classification, and total page requests tied to the bot. For more information on types of bad bots, check out our article on What are the Types of Bad Bots?
Select an IP from the Bad Bots IP list to do a reverse look-up and manually whitelist or block a particular IP. Additionally, add or edit notes on why you either whitelisted or blacklisted the IP, for future reference.
Accessing the Bad Bots Report
Follow these steps to access the Bad Bots report:
- Log in to the Distil Portal.
- Select a domain from your Domains dashboard.
- Click the Reports dropdown menu.
- Select Bad Bots.
Reviewing the Bad Bots Report
The report shows a snapshot of bad bots accessing your site, including:
- Date Filter – Specific date range highlighted by the Bad Bots report.
- Bad Bot List – List of all bad bots that have targeted your site, ordered by number of page requests, highest first. Each row shows the classification and total number of threats.
The Most frequent bad bots by classification graph (at right) displays bad bot activity broken out by classification. Below it, the Most frequent bad bots graph shows bad bot activity broken out by category (e.g., Reporting as Chrome, Reporting as Internet Explorer 8).
Blacklisting IPs via the Bad Bots Report
You can perform a reverse lookup on any IP you’ve selected from the Bad Bots IP list, and then manually whitelist/blacklist it.
Once you have identified one or more troublesome IP addresses from the Bad Bots report, you can use Access List Options to blacklist them, thereby stopping future attempts:
- Select an IP to open the WHOIS Information dialog box.
- Click Access List Options.
- Enter any Notes as to why you blacklisted the IP (for future reference).
- Click block within the Access option.
- Select an expiration range using the Expire from access list dropdown list.
- Click Block Ip.
NOTE: You can also whitelist any IP address using the Access List Options. Whitelisted IPs will never be blocked despite any traps they may trigger. This option can be especially useful to allow internal tool access, such as automation test tools, which can be mistaken for malicious bots.
To do so, follow the steps above, but click allow instead of block in step 4.