-2

I know how to detect and filter bot traffic, but I'm wondering if anyone knows why I am seeing tons of bot traffic from insurance and banking domains? E.g., bankofamerica.com, allstate.com and others are hitting my site upwards of 100 times per day. Note that I am talking about the domain associated with the user's IP, not the traffic referral domain.

The site is a large ecommerce retailer and the banking and insurance bot traffic started after it moved to the Demandware ecommerce platform.

Michelle
  • 1
    Referrer traffic is pretty easy to spoof... – Layke Mar 11 '15 at 15:50
  • @Layke, edited to add context around domain--I mean the domain associated with the user's IP address, not the referring domain from a traffic perspective. – Michelle Mar 11 '15 at 15:55

5 Answers

0

Which kind of traffic are they sending? It would be great to have an HTTP request as an example; try sniffing the traffic to your website with a TCP sniffer such as tcpdump or ngrep.

  • Thanks, @Cristian, I waited a few months for any other insights, but this is the most helpful solution so far. – Michelle Sep 08 '15 at 19:31
0

It could be that those are simply users who are behind a corporate proxy and thus appear as one IP. How do you know it is bot traffic?

SGD
  • I'm looking at pageviews per session, and seeing that all sessions from these IPs are only one pageview. In other words, they hit one page on the site then a new session begins and they hit once, then a new session begins and they hit once, etc for hundreds of sessions. – Michelle Apr 07 '15 at 16:23
  • 1
    Can you see the user-agent for those requests? – SGD Apr 07 '15 at 16:25
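
The distinction raised in this answer and its comments (many users behind one corporate proxy versus hundreds of one-pageview sessions from one IP), as an added example that is not part of the original thread. The log layout `(client_ip, session_id, path)`, the sample rows, and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

def make_sample():
    """Constructed sample rows: (client_ip, session_id, path); documentation-range IPs."""
    rows = []
    # Bot-like: 120 sessions from one IP, each with exactly one pageview.
    for i in range(120):
        rows.append(("198.51.100.7", f"b{i}", "/product/123"))
    # Corporate-proxy-like: 40 sessions sharing one IP, each browsing several pages.
    for i in range(40):
        for path in ("/", "/category/shoes", "/product/9", "/cart"):
            rows.append(("203.0.113.20", f"p{i}", path))
    # Ordinary visitor who bounces once.
    rows.append(("192.0.2.55", "u1", "/"))
    return rows

def profile_ips(rows):
    """Return {ip: (session_count, share_of_single_pageview_sessions)}."""
    views = defaultdict(lambda: defaultdict(int))
    for ip, session, _path in rows:
        views[ip][session] += 1
    out = {}
    for ip, sessions in views.items():
        singles = sum(1 for n in sessions.values() if n == 1)
        out[ip] = (len(sessions), singles / len(sessions))
    return out

def flag_suspects(rows, min_sessions=100, min_single_share=0.95):
    """IPs with many sessions, almost all of them one pageview long.

    Both thresholds are assumed values; tune them against your own baseline.
    """
    return sorted(ip for ip, (count, share) in profile_ips(rows).items()
                  if count >= min_sessions and share >= min_single_share)

if __name__ == "__main__":
    rows = make_sample()
    for ip, (count, share) in sorted(profile_ips(rows).items()):
        print(f"{ip:15} sessions={count:4} single-pageview={share:.0%}")
    print("suspects:", flag_suspects(rows))
```

A shared proxy produces many sessions per IP but with normal browsing depth, so requiring both a high session count and a high single-pageview share keeps it out of the result.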
0

You can prevent those requests from hitting your server by implementing DoS (denial of service) on the application level and DDoS on your network level if you have the Cisco firewall installed in your infrastructure.

  • Thanks, Deepak; I'm not concerned about how to block the traffic, I'm mostly wondering why I would see so much bot activity from insurance and banking domains--maybe there is a business reason why they ping sites? – Michelle Apr 07 '15 at 16:24
0

If you still have this problem, contact Demandware support by raising a customer support ticket in their Salesforce portal. There is not much that you could do by configuration of your Demandware site from the Business Manager. Chances are that the traffic was always there, just that it was filtered by the firewall of your previous e-commerce provider.

Zlatin Zlatev
0

Turns out this was caused by bots spoofing legitimate domains.

Michelle