Outils anti-bots complets

At CrowdHandler, we are constantly working to develop and enhance security features to ensure that your site is serving your customers, and squeezing out bots and fraudsters.  

With anomaly detection now out of beta, and the addition of a new IP intelligence check, let's take a look at CrowdHandler's current suite of anti-bot and anti-fraud features.

The 'drop' setup 

This key anti-bot strategy is also one of the simplest: a waiting room setup that gives everyone a fair chance, by randomising queue positions. 

We call it the 'drop' setup. All site visitors are corralled into the waiting room before the queue activates; then, at the point of launch, everyone in the waiting room is automatically assigned a random place. If you're planning a busy on-sale or product launch, then this type of setup isn't just a good way to build anticipation for the moment of sale; it will ensure that bots and other bad actors are not dominating positions at the front of the queue. 

IP intelligence check and connection limit

Once you’re all set up, the first barrier that any bad actor will come across if they try to access your website or queue is an initial IP intelligence check. This feature gives you the ability to block certain IPs - such as those used by known attackers, data centres or TOR connections - on first request, based on intelligence data.

In addition, you can set a limit for IP sessions. Too many connections from a single IP could indicate a user using lots of devices, or opening dozens of anonymous tabs - or it might be a scraper bot trying to generate queue positions to squeeze out real users. Either way, if an IP address breaches the limit you set, it will be blocked.

ReCAPTCHA

If the bots haven't been deterred by IP checks and limitations, make sure you have CAPTCHA set up and switched on to slow them down.

CrowdHandler waiting rooms use Google's reCAPTCHA V2, which presents the user with an "I'm not a robot" checkbox for them to click (followed by an image grid if they don't immediately pass Google's analysis) before allowing them to access a waiting room position. Users will also need to complete a CAPTCHA when the waiting room is in pre-sale countdown mode - for example, in the 'drop' setup, above. Sessions without reCAPTCHA will be rejected.

Fingerprinting

When users join your waiting room, they are issued with a unique token, generated as they join the queue. However, because savvy users may be able to identify and share (or even sell) tokens with a perceived 'good' position in the queue, we use Device Fingerprinting as an additional security feature. 

Once Device Fingerprinting is switched on, CrowdHandler will use information about each user's device to compile a signature fingerprint, which we associate with that user's token. If a different device then tries to access the queue with their token, that second device will be issued with a new token - which will take them to the back of the queue.  

Anomaly detection

If a bot or bad actor gets past all of the above with more subtle anomalous behaviour, then CrowdHandler's in-built anomaly detection will help.

The latest addition to our security suite, anomaly detection uses advanced algorithms to analyse user behaviour and identify any outliers - in other words, patterns that might indicate fraudulent or malicious activity. By setting your desired anomaly threshold, you can customise the level of protection for your site and ensure that only legitimate traffic is allowed through.

screenshot showing anomaly detection feature flagging high risk traffic

Attracting the wrong kind of crowd? 

Customers using these features have been surprised to find that bot or fraudulent traffic accounts for the majority of user sessions on their site, and that these features have blocked hundreds or thousands of bad actors per week. Try it - you too might be surprised.

…We’ll handle it.

We are constantly working on new features to provide advanced protection for your website and ensure that only genuine users are able to access your site. With CrowdHandler, you can have confidence in the security of your online presence.


S'inscrire