Bot Definitions

Bad Bots

Hidden identity, unknown use, data theft, negative effects on website performance.

Ad Fraud

Bots leading to false clicks and fraudulent display of web-placed advertisements (ads).
Fabrication or manipulation of the number of times an item such as an ad is clicked, or the number of times it is displayed. Such bots are used by owners of ads-displaying websites, competitors and vandals.
Source: Automated Threats to Web Applications.

DDOS Attack

DDOS Attack
Bots targeting application/database servers' resources or individual user accounts, to conduct denial of service attacks (DoS).
The activity may resemble a legitimate application's process, but leads to the exhaustion of resources such as file system, memory, processes, threads, CPU, as well as human and/or financial resources.
Source: Automated Threats to Web Applications.

Bots generating malicious or questionable information that appears in public or private pages, databases or user messages.
Malicious content can include malware, IFRAME distribution, photos, videos, advertisements, referrer spam and tracking/surveillance code. The content might be less overtly malicious but can be an attempt to cause mischief, undertake search engine optimization (SEO) or dilute/hide other posts.
Source: Automated Threats to Web Applications.

Vulnerability Scanning

Bots that systematically tally, catalogue and examine identifiable, predictable and unknown content locations, paths, file names and parameters, in order to find weaknesses and possible security vulnerabilities.
Source: Automated Threats to Web Applications.

Application hack
Bots trying to find application vulnerabilities.

Wordpress Hack
Bots accessing Wordpress pages with security vulnerabilities.

Hacker UserAgent
Bots using the popular hacker tool UserAgent.

IP ranges identified as being used by the "Methbot" Ad fraud operation.

SQL Injection:
SQL is a database known for its vulnerabilities. SQL Injection attacks target those vulnerabilities.
Bots use SQL vulnerabilities to collect or delete data.

XSS Injection
XSS enables attackers to inject client-side scripts into web pages viewed by other users.
A cross-site scripting vulnerability may be exploited by attackers to bypass access controls such as the same-origin policy.

Path Disclosure
Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file.

Intense Scraping

Bots collecting application content and/or other data for use elsewhere.
Some scraping may use fake or compromised accounts, or may exploit information that is accessible without authentication.
Source: OWASP Automated Threats to Web Applications.

Bots conducting single visits on pages in order to index a website.
These bots discover websites and try to index content. They surf from page to page and only need to visit each page once.

UserAgent Browser Automation
Bots using the popular UserAgent Browser Automation.

UserAgent Crawler
Bots using the popular UserAgent Crawler.

UserAgent FeedParser
Bots using the popular UserAgent FeedParser.

UserAgent Library
Bots using the popular UserAgent Library.

UserAgent LinkChecker
Bots using the popular UserAgent LinkChecker.

UserAgent Linux Command
Bots using the popular UserAgent Library.

UserAgent Missing
Bots that are not sending any UserAgent.

Account Takeover

Account takeover fraud is obtaining a legitimate user’s details to take over their online accounts, possibly exploiting monetary or credit card theft.

Credential stuffing
Bots conducting mass log-in attempts used to verify the validity of stolen username/password pairs or identifying valid login credentials by trying different values for usernames/passwords.
Source: Automated Threats to Web Applications.

Commercial Bots

Bots created by commercial companies collecting and exploiting content. Their identity is transparent.

Researching for content in order to offer optimized ad spaces. They scrap content and classify websites.

Researching and comparing products, services, companies and prices.

Competitive Intelligence:
Gathering data about the competition in order to build reports and create insights supporting decision making.

Data Provider:
Gathering data in order to sell it. They scrap, index and sell data.

Marketing Database:
Gathering data by exporting marketing databases to sell, but have no dashboard.

Marketing Tools:
Technical solutions to analyze traffic and understand how clients behave on websites.

Media Monitoring:
Following brand references in forums, social media sites, etc. Providing insights to brands in order to optimize their visibility in social media sites.

Security Intelligence:
Scanning for program security confirmation.

SEO Software:
Scraping and indexing activities to understand website indexing logic and to help improve clients' indexing.

Web Aggregator:
Web service aggregating data incoming from multiple sources (comments, review, news, prices, products, etc.). They scrape, index and publish the data online.

Good Bots

Bots adding value or traffic to websites. These could be search engines, social network providers, partners, service providers, etc.

Alt Search Engines:
Alternative search engines. They crawl the web in order to build alternative search engines.

Digital Library:
Building public archives for research and safekeeping.

Major Search Engines:
Collecting documents from the web to build a searchable index for search engines.

All IPs manually whitelisted on your website.

Social Networks:
Indexing website for internal search engines. Supplies visual support when a link is shared.

Technical Partners:
Performance measurement tools and payment service providers.