The tutorial video below covers the same topics as this article.
Malicious bots keep getting smarter as they adopt new methods to circumvent your security measures. However, Distil catches the telltale signs that reveal nefarious activity. When it does, it automatically triggers protective traps (e.g., a custom block, drop, or CAPTCHA page) while identifying and categorizing each penetration attempt.
The Trap Analysis Report displays the various ways Distil Networks has trapped threats to your site and its content from incoming bad bots. Using this report data, you can get a high-level overview of the most active traps.
Accessing the Trap Analysis Report
Follow these steps to access the Trap Analysis report:
1. Log in to the Distil Networks Portal to access the Domains dashboard.
2. Select a domain.
3. Click Reports on the banner menu.
4. Click Traffic Overview to expand the Reports dropdown menu.
5. Select Trap Analysis.
Reviewing the Trap Analysis Report
The Trap Analysis report displays the top traps triggered by bad bots, including:
- Date Filter – Specific date range highlighted by the report.
- How we identified the bad bots – Visual breakdown of the top traps triggered by bad bots.
- Trap – Specific traps triggered by bad bots and the total number of violations.
- IP Address – Top offending IP addresses associated with each bad bot and the total number of violations.
- WHOIS Information – Detailed insight into the origin of the selected IP address, such as a breakdown of threats attributed to the IP, the ISP, organization, and location. The WHOIS Information box also provides quick access to whitelist or blacklist the IP via your Access List.
Blacklisting IPs via the Trap Analysis Report
Once you have identified one or more troublesome IP addresses in the Trap Analysis Report, you can use Access List Options to blacklist them, thereby stopping future attempts:
1. Select an IP to open the WHOIS Information dialog box.
2. Click Access List Options.
3. Enter any Notes as to why you blacklisted the IP (for future reference).
4. Click block within the Access option.
5. Select an expiration range using the Expire from access list dropdown list.
6. Click Block Ip.
NOTE: You can also whitelist any IP address using the Access List Options. Whitelisted IPs will never be blocked, regardless of any traps they may trigger. This option can be especially useful for allowing access by internal tools, such as automation test tools, which can be mistaken for malicious bots.
To do so, follow the steps above, but click allow in step 4.