- Security Center
- English ▾
The good news and bad news of 2014’s bot traffic report
We don’t want to unduly excite anyone, but we’re pretty sure we’ve found the secret to happiness, to optimism, and to the ability to look ahead and see only good things on the horizon. And that secret would be: never examine the details of anything.
For instance, what if we told you that in 2014 bot traffic was down 4% from the year before, accounting for 56% of all web traffic, down from 60% of all web traffic in 2013? You’d probably think that sounds like good news. And if we never told you that the reason bot traffic is down overall is because good bot traffic is down while malicious bot traffic is actually up, well, you could just go on your merry way.
But we suppose we already let those other details slip.
What’s it all a-bot?
Starting out with some background, bots are the billions of software agents that shape our internet experience by performing automated tasks on the web, including crawling websites for search engine indexing and relaying information to internet users.
If you’re accustomed to only hearing about bots in a negative sense, there’s a reason for that. For as many good bots as there are on the internet, there are even more malicious ones – bots that have been designed to perpetrate DDoS attacks, hacks, spam, click fraud campaigns and other unfortunate activity.
2014 bot traffic number crunching
Take a look at the Incapsula bot traffic report for 2014, for instance, in order to get a clear picture of what’s happening on the internet – and likely on your website
In order to publish this yearly bot traffic report, Incapsula examined over 15 billion human and bot visits to over 20,000 Incapsula-protected websites in a 90-day period, from August 2, 2014 to October 30, 2014. The websites included in the sample all have a minimum of 10 human visitors per day, and geographically speaking, the traffic observed came from all 249 countries, territories and areas of geographical interest in the world.
The analysis comes from Incapsula’s Client Classification engine, an integral part of their multi-tier security solution.
Click the image to enlarge
Good bot traffic down....and bad bot traffic up
We already told you that overall bot traffic has gone down 4% from 2013 to 2014. That’s largely because good bot traffic has gone down 10%, which Incapsula attributes to a drop in RSS bots. This is a drop that has been somewhat expected, as RSS bots have become less necessary thanks to social media.
Bad bots already outnumber good bots. With 56% of all web traffic made up of bot traffic, 29% of that 56% is attributed to malicious bots, leaving just 27% attributed to good bots.
Of that 29% of bad bot traffic, a whopping 22% is made up of impersonator bots, with the remaining 7% made up of hacking tools, scrapers and spammers. Impersonator bots are by far the most malicious and advanced of all bots, many of which can now easily circumvent security measures. Common impersonator bots include those designed to masquerade as search engine crawlers, DDoS bots that have browser-like characteristics, spy bots and bots that are masked by proxy servers. What all impersonator bots seem to have in common is that they are the tools of fairly advanced hackers that either use modified malware kits or new scripts coded entirely from scratch.
Impersonator bots set to continue their ascent
Impersonator bots are the only group of bots that have displayed steady growth over the last three years. Experts are quick to point out that this is indicative of the fact that impersonator bot numbers will only continue to grow. Why wouldn’t they? Hackers have designed impersonator bots that are capable of defeating Google’s CAPTCHA technology with roughly 90% accuracy, while 30% of DDoS bots can now retain cookies, thereby allowing them to defeat common cookie-based security challenges.
Maybe it’s not quite possible to be optimistic when it comes to bot traffic. But if being a realist means being prepared, we’ll take it. With bad bot traffic looking as though it’s going to continue to increase, with impersonator bots increasing at an even higher rate and becoming more menacingly effective along the way, filtering capabilities as well as DDoS mitigation need to increase and improve as well. Take a moment to thinks it over: Is your website prepared for the ever-evolving bot threat? Have you looked into professional DDoS mitigation services? We suggest you look into improved protection before it becomes an absolute necessity and before the damage is done.
Written by: Debbie Fletcher, freelance reporter.
She is an enthusiastic, experienced writer who has written for a range of difference magazines and news publications.