Recent bot attack that happened on an e-commerce website. The graph shows the distinct number of server-side fingerprints linked to bot activity. We see a sudden increase at the start of the attack ~05:28. (1/4)
Conversation
The bot developers randomized the fingerprints in the hope to bypass classical signature-based detection. Here, the analysis showed that the bot developer rotated user-agents among a list of recent ones + randomly changed the order of HTTP headers. (2/4)
1
2
As we see on this other graph that plots the distinct number of residential IPs addresses used by bots during the attack, the attacker heavily distributed its attack over more than 1.2M residential IP addresses. (3/4)
Replying to
This kind of attack is more and more common, and it's not a DDoS attack! That's "just" a sale for a limited edition product. This shows how far attackers are willing to go to buy these limited edition products. (4/4)
2