Wednesday , April 16 2014
Whatz Hot :-
Home / Internet / Hackers Mimic Googlebots for DDoS Attacks

Hackers Mimic Googlebots for DDoS Attacks

Google is the VIP of the bot world. Just like any other VIP, he enjoys some special privileges, one of which is a having unhindered access to almost any page, on any website on the web. However, as a recent case-study by a ddos protection firm Incapsula shows, some will try to abuse Googlebot’s VIP status to pass under the DDoS protection radar.

What makes Googlebot a VIP?
Googlebot is an official Google agent and an intermediary between your content and Google’s search engine. It is only by allowing Googlebots to scan your site that you become eligible to appear in Google Search Pages (SERPs), which is – needless to say – a pretty big deal.

This is why Googlebot has special VIP access to almost all of the existing webpages.  After all, if you own or manage a website, you will always consider Googlebot to be your best friend and when it comes knocking you`ll always do your best to keep you doors wide open.

Why Hackers are interested in Googlebot?
All hackers are looking for ways to circumvent traditional security barriers. As previously mentioned, hosts typically give Googlebots full access to their information. Unfortunately, hackers see this routine process of ‘opening the gates’ as an opportunity to be exploited. As Incapsula’s study shows, these troublemakers will try to mimic Google to bypass low-level security measures. The more sophisticated infiltrators even mimic the crawling activity of normal Googlebots, to get past some of the more intelligent defenses.

DDoS Attackers with Googlebot IDs
Incapsula’s case study demonstrates a case of “Googlebot DDoS”, which occurred at the end of 2013. The documented attack targeted a moderately sized commercial website which suddenly received a significant spike in requests. At the height of the DDoS attack, the site averaged close to 1,500 requests per second from Google-like bots, more than enough to crash most servers.
ddos5 Hackers Mimic Googlebots for DDoS Attacks
The first warning sign detected by Incapsula’s security system was suspicious HTTP header data. Although the attacker was smart enough to use Google user agent, the header data still contained major inconsistencies, which were picked up by Incapsula’s bot identification algorithms.

Next, Incapsula determined that the IP and ASN information were not from Google sources. Taken alone, this evidence causes concern to a host but not quite enough to condemn (as many good SEO bots also mimic Google crawlers).

Finally, the security system took a holistic view of traffic flow and concluded that the surge of suspicious behavior was indeed malicious.

With this triangulation of warning, Incapsula DDoS protection intervened and stopped the DDoS attack before it could flood the site’s servers. Overall, nearly a million fake Googlebot requests were vetted and sorted by the Client-Classification Process, while still allowing non-malicious traffic to pass through to the site.

Wanted: Some Smart DDoS Protection

With the evolution of cyber attacks, a strong network is not enough to protect your website. Advanced security systems must be able to differentiate between various types of bot activity like those seen in Application Layer DDoS attacks.  Also, you should try not to trust bots too much, even if they call themselves Googlebots.

8 comments

  1. Wavatar

    Hello there, okay so my pal and i’ve got a little problem determining on which occurs when a monster attacks directly, and also the other player uses call from the haunted. what goes on? will the attack fail, or will i attack the re-summoned monster? thanks

  2. Wavatar

    can you really have several panic attack each day? and may you define what a panic attack is?

  3. Wavatar

    I just read somewhere when I attack my opponent’s monster plus they use, say, hurry recklessly around the monster therefore it has more attack than me will be able to stop my monster from attacking. Is that this true or must i continue the attack, have my monster destroyed, and lose existence points. Just like what can happen basically just assaulted a monster with increased attack than mine.

  4. Wavatar

    Whenever I’ve had one I always think I’m having a heart attack. I think this is normal(to think that), but could I ever really have a heart attack from a panic attack? Among other symptoms, my left arm always gets numb when I have one, so that’s why I always think it’s my heart.

    I’m 23, in good physical shape, and have never been diagnosed with any heart problems. Am I just being crazy? Any words of wisdom on how to prevent panic attacks?

  5. Wavatar

    If a person attacks your body, could they be fighting them??

  6. Wavatar

    Barbarians that assaulted Rome,

    At the start of time.

  7. Wavatar

    what’s the first erectile dysfunction within the situation of cardiac arrest

  8. Wavatar
    Cyrus Destefano

    Im 17 years old girl, but for the past couple days ive had these out burst of tension attacks. They type of seem like i have to wake up and pace the ground and im frigidity, my breathing will get heavier, I’ve minor shakes, i recieve stomach seeing stars and that i can seem to be more pressure than normal within my chest. I actually do reside in a demanding atmosphere and do visit a psychiatrist monthly. However i desired to determine if they are stress attacks or panic attacks? and explain the 2 and just how they differ.

    Sometimes there so bad i cant focus on anything.

Leave a Reply for your confusion