This is a public Idea Center  publicRSS

Idea

    3 liked this

    Proactive user agent or bot filter for extensive sessions...
    Idea posted May 5, 2014 by Matthias HintnerExpert, tagged Chat, Customer Portal, Knowledge Foundation 
    87 Views, 1 Comment
    Title:
    Proactive user agent or bot filter for extensive sessions per day
    User Story / Description:

    Hi,

    From time to time we recognize extraordinary session hits which came from bots or web crawlers, etc. At the moment this spikes in traffic are fully counted towards our licenced amount and only found when there is a recognizable spike in end-user sessions. In the past we always had to raise a ticket and after recognition of the error we got some extra sessions topped up.

    This is always quite time consuming and we only get to know if there is a real spike with regular monitoring.

    My idea, there should be a stop in place whereby anyone hitting the end-user pages with 100+ hits a day (as an example) is automatically blocked to enter the site.

    For example:

    - 8000 sessions from one single IP address over 4 hours
    - Unauthorized webcrawler hit end-user pages 100k over two days.

    These occasion could be minimized by setting a stop in place at 100 hits a day. This should be sufficient for real customers but would prevent high hitting unwanted access.

    Thanks for your support.

     

    Comment

     

    • BarryL

      Agreed.  This is especially true for customer that have lower CP usage - say 100 to 1000 billable sessions per day.   We've found non-conforming bots hitting 100,000 billable sessions in a 12 hour period.

      As an reseller/integrator, our #1 support ticket (effort spent) from our RightNow customers is investigating non-conforming web crawlers and bots.  Then we have to work with License Compliance to get credits back.   This could be avoided with a process that identifies if the same IP address has created over *** number of billable sessions in YYY minutes (configurable values in Configuration Settings).

      Currently the post-event cure to put the offender's IP address or domain in the SEC_INVALID_USER_HOSTS may solve a few future hits, but it seems like with a few million compromised computers and hackers out there, it is too little, to late.  

      Need this pro-active tool!