Should You Be Prepared Against Malicious Bot Traffic?

By Anna Johansson
Published 08/05/2020
Share this on:

AI robot on keyboard


If you own or manage a website, you’re probably used to bot traffic. Most bot traffic is innocuous, and used by organizations to gather data for (often) universally helpful purposes. For example, Googlebot (the generic name for Google’s web crawler) is constantly visiting websites to gather new information for Google’s search index. Googlebot visiting your site is a good thing if you want your site to be seen and visited via search engines.

However, not all bot traffic is harmless. Some bots are designed specifically for malicious purposes, and the only way to prevent them from damaging your site and your reputation is through a bot management strategy. But what exactly is hostile bot traffic, and how can you prepare against it?

How Bots Work

First, let’s cultivate a better understanding of what bots are and how they work. You might imagine “bots” as tiny robots that visit your website, and this humorous vision isn’t too far from the truth. Bots operate via automated scripts and programs, which instruct the bots to behave in certain ways. For example, someone might program a bot to click certain links or download images. Bots can also be programmed to handle more complicated tasks, like scraping certain types of data or even filling out forms.

Because bots require few ongoing resources, and because they can be coded and replicated easily, they can quickly become overwhelming. In fact, some reports estimate that 37.9 percent of all web traffic is made up of bots.

Malicious Bots

As we’ve seen, bots can serve positive functions. They can scrape your site for data for search engines, monitor your site to make sure it’s healthy, or even monitor the web for copyright infringement.

But bots can also be programmed for hostile purposes.

For example:

  • Comment spam. If you’ve ever had a blog, you’ve likely dealt with some kind of comment spam. Certain bots are programmed to find comment sections and other opportunities to engage with people, and leave comments pointing users to another site. In most cases, this is either a scam or a cheap attempt at promotion. Either way, it hurts your site.
  • Data scraping. Other bots are designed to scrape data. For example, your competitors might be perusing your site to learn more about your product pricing. You may want these data to be publicly available, but you don’t want malicious agents to be able to find and manipulate them easily.
  • DDoS attacks. One of the most commonly known uses of malicious bot traffic is the distributed denial of service (DDoS) attack. If you can overwhelm servers with significant enough bot traffic, you can prevent a website from being accessed by real people altogether.
  • Vulnerability analysis. Some bots crawl websites looking for potential vulnerabilities. If they find and flag one, they can return that information to a hacker, who can then find a way to exploit it.

As you can see, some of these malicious bots can have devastating effects; they can take your entire website down, or compromise your data. But even if they don’t have an immediate obvious effect, they can hurt your site. For example, they might cause you to overestimate the number of people visiting your site, or increase your bandwidth usage.

How Bot Management Works

Through bot management, you can detect and prevent malicious bots from ever reaching your site. The best way to do this is through a multi-stage bot filtering process. You can start by identifying the low-hanging fruit with environmental profiling and other tactics; these methods quickly and easily weed out older bots. Other filters can be designed to identify sneakier and more modern bots, possibly incorporating machine learning to identify new patterns as they emerge.

Once identified, malicious bot traffic must be stopped. If a source is flagged as a hostile bot, it can be blocked from reaching your site or interacting in any meaningful way. In the modern era, there may be even more robust tools and options available; for example, instead of passively avoiding bots, you may be able to feed them false information intentionally, as a way to sabotage the competitors or bad agents who were trying to work against you to begin with.

With most bot management products and services, you’ll also have the chance to “whitelist” certain types of bots; that way Googlebot and other positive sources of bot traffic can still be allowed to crawl your site.

How Big a Problem Is Malicious Bot Traffic?

Small websites may not have to worry much about malicious bot traffic, but if you serve many visitors or if you have valuable information on your site, malicious bot traffic should be a major concern. Bot management strategies are relatively inexpensive and straightforward to set up, so there’s no excuse for not pursuing one.

Anna is a freelance writer, researcher, and business consultant. A columnist for, and more, Anna specializes in entrepreneurship, technology, and social media trends. Follow her on Twitter and LinkedIn.


Want more tech news? Subscribe to ComputingEdge Newsletter Today!