Bot Protection

1

How to start working with us.

Geolance is a marketplace for remote freelancers who are looking for freelance work from clients around the world.

2

Create an account.

Simply sign up on our website and get started finding the perfect project or posting your own request!

3

Fill in the forms with information about you.

Let us know what type of professional you're looking for, your budget, deadline, and any other requirements you may have!

4

Choose a professional or post your own request.

Browse through our online directory of professionals and find someone who matches your needs perfectly, or post your own request if you don't see anything that fits!

WebScarab has bundled several evasion techniques for this - some developed by Semmle Security Research, others developed independently. These evasion techniques are listed below with the relevant threat intelligence description.

Note that the waf does not actively protect against all these bot attacks; instead, it allows you to configure your own protection rules, which will be enforced on every request. This makes it easy to stop new or unknown attack vectors before they become popular enough to be blocked widely.

Example 1: Tampering with Parameter Values

Some bots are capable of tampering with the values of web application parameters. This is possible due to weak input validation or careless development practices - for example, using a single configuration file loaded by every page on the website. As a result, any request that modifies one of these files could be used to tamper with requests for other pages on the site. Expert Organizations facing automated web-layer attacks rely on Fastly's Next-Gen WAF (formerly Signal Sciences) to identify and mitigate malicious bots from attacking their web applications and APIs. F5 bot protection delivers proactive, multi-layered security that blocks and drops bad bot traffic before it can hit your network, mitigating bots that perform account takeovers, vulnerability reconnaissance, denial-of-service attacks and malicious traffic targeted at your network or app layer.

The bot-powered attacks are possible because they allow you to hijack sessions, store custom code in your target's databases, perform SQL injection automated attacks against their databases, exfiltrate data directly from their databases, .etc.

This is most commonly done by adding one or more slashes at the end of specific parameters (mainly those not ordinarily visible). The waf will only protect against this if you define protection rules to block this tampering.

For example, if your website uses parameters like orderid=1, you should define a rule which checks that there are no extra slashes at the end of this parameter. If you see an extra slash, it could indicate that someone has tampered with the parameter - in which case you would want to treat it as suspicious activity and block the request.

Example 2: Tampering with Session Tokens

Bots are known to tamper with session tokens, for example, by adding scripts containing auto-submitted form fields into them. This will cause these values to be submitted when the user authenticates or logs in - allowing malicious bots to hijack sessions or inject client-side code into your application, .etc.

The waf will only protect against this if you define protection rules to block this tampering. For example, if your website uses session tokens like: auth=0f3916a33ea84aab535d32b8e31c955de4944aa007823 , you should define a rule which checks that this token does not contain the string " josessionparameter=" . If you see such a value in any session code, it could indicate that someone has tampered with the session - in which case you would want to treat it as suspicious activity and block the request.

Example 3: Parameter Pollution

Bots are known to change values of web mobile applications parameters by adding additional parameter names and values to the HTTP request. This is known as parameter pollution and can cause web apps firewalls to block legitimate requests as they cannot distinguish between parameters with similar names.

The waf will only protect against this if you define API protection rules to allow specific parameters without checks. For example, if your website uses sessions, you should not check that the parameter used for session data is called "auth." If malicious bot traffic changed its value from auth=0f3916a33ea84aab535d32b8e31c955de4944aa007823 to auth=somethingelse, then this change would work unless you had a rule which blocked anything other than auth being set in the session.

Example 4: Back Button Spam

Some good bots can detect when you are blocking their access, such as submitting an invalid parameter in a URL and seeing if it is blocked, .etc. Such bots will automatically submit random requests until they get through - known as back button spam. Therefore, you should make sure that protection rules do not cause any false alarms due to this behaviour.

Note that the waf does not try to block these attacks directly because it cannot distinguish between legitimate users and bad bots, simply submitting random requests or using custom methods of bypassing your protection rules, .etc. Instead, you must only use the bot detection features provided with the waf since they have been explicitly designed to stop bots from evading your protection rules.

Geolance is an on-demand staffing platform

We're a new kind of staffing platform that simplifies the process for professionals to find work. No more tedious job boards, we've done all the hard work for you.


Geolance is a search engine that combines the power of machine learning with human input to make finding information easier.

© Copyright 2022 Geolance. All rights reserved.