What you often see with these types of attacks is that temporary protection works well, until the attackers actually change their techniques. But even then they have to do it very well and fortunately attackers/attackers often lack the knowledge about this.

In Tweakers themselves, we sometimes suffer from this, and this is not necessarily aimed at creating accounts, but rather aimed at hacking accounts, emptying the price (or all news, all reviews, all gallery pages, etc). For this, we also check the User-Agent header that the browser sends, and what you often see with this type of attacker is that they send random headers, but often the headers are very old. It is easy to detect which script was written in 2020 and then used a modern user agent header in 2022; Just to name a recent example; We’ve noticed nearly 400,000 views in a week that are supposed to be made by the “Chrome 87” browser.

Fortunately, attackers often use scripts and programs from others and lack the knowledge to keep them up to date, and because browser makers keep releasing new versions, discovering that the script is often temporarily undetectable, but also, if it is used for a longer period of time, often Which is easy to discover within six months.

And even though they put the correct user agent headers, they use local proxies with a different IP address for each request, they support javascript and cookies, and they can still often be tracked due to a lack of things that modern browsers support. Or those modern browsers do something a little different. Just to cite a recent example; I recently found out that the bot always fills the Accept-Language header with ‘and’, while the real browser puts a lot into that; For example “en-US, en; q = 0.5”. If you combine that with a few other things, you can be absolutely sure that it’s a bot.

[Reactie gewijzigd door Kees op 29 september 2022 15:03]