The tutorial video below covers the same topics as this article.
Another way to classify bad bot information is by lumping together the owners of Internet service providers (ISPs), otherwise known as organizations. Bots often come from inexpensive hosting environments, such as Amazon and WeHostWebSites. These entities are able of cycling through a variety of IPs, thereby spinning up and down different nodes.
Use this report to see a list of IPs from which these violations are originating.
Accessing the Threats by Organization Report
Follow these steps to access the Threats by Organization report:
- Log in to the Distil Networks Portal to access the Domains dashboard.
- Select a domain.
- Click Reports on the banner menu.
- Click Traffic Overview to expand the Reports dropdown menu.
- Click Threats by organization.
Reviewing the Threats by Organization Report
The Threats by Organization report displays the top traps triggered by bad bots, including:
- Date Filter – Specific date range highlighted by the Threats by Organization report.
- Organization List – List of all organizations associated with threats targeting your site, ordered by highest offender. Each organization row shows the total number of threats and top country by that value.
Select an organization from the list to access a full list of offending IP addresses having a corresponding number of violations. Use that IP data to blacklist main offenders from having access to your site.
Blacklisting IPs via the Threats by Organization Report
Now that you’ve identified a troublesome IP address on the Threats by Organization report, blacklist them from future attempts by using the Access List Options:
- Select the IP to open the WHOIS Information dialog box.
- Click Access List Options.
- Enter any Notes as to why you blacklisted the IP for future reference.
- Toggle the Access option to Block.
- Select the expiration window using the Expire from Access List dropdown menu.
- Select Block IP.
Alternatively, whitelist an IP address using the Access List Options. Whitelisted IP addresses are never blocked despite the traps they trigger. This can be especially useful to allow internal tools access, such as automation test tools, which can be mistaken as malicious bots.
Follow the same steps as above, but toggle the Access option to allow and then click Allow IP.