The annual shopping frenzy around Black Friday and Cyber Monday brings with it a meteoric surge in traffic for eCommerce websites. While the immediate surge in visitors might seem like a cause for celebration, SRE teams understand that with great traffic comes great responsibility. A significant portion of this seemingly exponential traffic influx comprises bots, with estimates suggesting their presence could be as high as 35.7%. This blog post delves into the critical aspects of handling bot traffic during the Black Friday shopping extravaganza, differentiating between the "good bots" and the "bad bots," and how their management can be the defining factor between a successful shopping weekend and a site overwhelmed by traffic.

Malicious bots now inundate commerce sites with over 5 trillion requests in 15 months, per Akamai’s research paper “Entering Through the Gift Shop: Attacks on Commerce, State of the Internet, Volume 9, Series 3”. Bot traffic spikes during holidays to enable fraud and degrade performance through tactics like credential stuffing attacks, price scraping, and diverting customers. Even seemingly benign bots can still negatively impact customer experience and business metrics.

The Good Bots

SEO bots, the benevolent members of the bot community, play an essential role in improving search rankings by meticulously crawling and indexing website content. However, during peak traffic periods like Black Friday, it's crucial to guide them towards cached pages. This redirection ensures that they do not inadvertently consume the resources intended for genuine customers, thus optimizing the overall user experience.

The Bad Bots

On the flip side, lurking in the digital shadows, we have the "bad bots." These nefarious entities encompass a spectrum of disruptive elements, including scraping bots, spam bots, and malicious bots. They are not just resource hogs; they pose a real threat to website integrity by potentially launching DDoS attacks. As the Black Friday traffic intensifies, it becomes imperative to employ countermeasures.

One effective strategy is the use of honeypots, a deceptive technique that can divert and trap malicious bots. Honeypots are essentially fake pages or endpoints deliberately designed to attract and identify malicious activity. When a bad bot attempts to access these honeypots, it becomes ensnared in a web of deceit, enabling the security team to analyze its behavior and take appropriate action.

Additionally, sophisticated bot management tools can play a crucial role in identifying and mitigating the threats posed by bad bots. Techniques such as IP reputation filtering and behavioral analysis are invaluable in distinguishing and deterring bot traffic.
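The honeypot and behavioral-analysis ideas above can be combined in a small access-log triage script. This is an added example, not code from the original post or from PhotonIQ; the trap paths, thresholds, and log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Hypothetical trap URLs: linked only from hidden markup and disallowed in
# robots.txt, so neither shoppers nor compliant crawlers should request them.
HONEYPOT_PATHS = {"/promo/early-access-deals", "/internal/price-feed.json"}
WINDOW_SECONDS = 10      # assumed sliding-window size for the rate signal
MAX_REQ_PER_WINDOW = 5   # assumed threshold; tune against real traffic

LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) ')

def _line(ip, sec, path):
    return f'{ip} - - [29/Nov/2024:09:00:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 512'

# Constructed sample access log (documentation IP ranges, made-up paths).
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", s, p) for s, p in [(1, "/"), (20, "/cart"), (45, "/checkout")]]
    + [_line("203.0.113.50", 5, "/promo/early-access-deals?ref=x")]
    + [_line("192.0.2.99", s, f"/product/{s}") for s in range(10, 17)]
)

def max_burst(stamps):
    """Largest number of requests inside any WINDOW_SECONDS-long window."""
    best = lo = 0
    for hi, t in enumerate(stamps):
        while (t - stamps[lo]).total_seconds() > WINDOW_SECONDS:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def classify(log_text):
    """Return {ip: 'block' | 'challenge' | 'allow'} for each client in the log."""
    trapped, seen = set(), defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if path in HONEYPOT_PATHS:
            trapped.add(m["ip"])
        seen[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    verdicts = {}
    for ip, stamps in seen.items():
        if ip in trapped:
            verdicts[ip] = "block"       # honeypot hit: high-confidence signal
        elif max_burst(sorted(stamps)) > MAX_REQ_PER_WINDOW:
            verdicts[ip] = "challenge"   # behavioral signal only: verify first
        else:
            verdicts[ip] = "allow"
    return verdicts
```

A rate burst alone maps to a challenge rather than a block here, because shared NAT addresses and legitimate crawlers can also exceed a per-IP threshold.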

Did You Encounter Issues?


Photo by Unsplash+ in collaboration with Mariia Shalabaieva

If your website experienced performance bottlenecks or, worse yet, outages during the Black Friday weekend, undocumented bot traffic might have played a significant role. The absence of clear visibility into your traffic composition makes capacity planning and forecasting a daunting challenge. Moreover, detailed metrics concerning anonymous traffic, user sessions, purchase funnels, and promotional campaigns can be adversely affected. After all, bots are not prone to completing purchases or clicking on personalized recommendations.

Looking Ahead

In preparation for Cyber Monday 2024 and beyond, consider the following PhotonIQ AI-powered services to get ahead of malicious bots and wasted resources:

  • Virtual Waiting Rooms: Deploy intelligent virtual waiting rooms during traffic spikes to manage the influx of visitors effectively. Note that not all virtual waiting rooms are created the same: some services may not be able to handle the scale, or to move traffic intelligently enough to prevent overload or avoid leaving users in an endless queue.
  • Fingerprint: Employ advanced visitor fingerprinting techniques to identify and categorize anonymous traffic, enabling tailored responses. Older fingerprint technologies may be code-heavy and difficult to implement for fraud prevention and personalization without negatively affecting performance, which eCommerce companies are trying to avoid.
  • Honeypots: Complement legacy defenses by using honeypot trap triggers to detect bots in real time. By continuously monitoring bot interactions with the honeypots, analytics can correlate which honey triggers to use to block future bots.

Proactively managing bot traffic is not just a matter of technical optimization; it's a strategic necessity. By ensuring that resources are allocated judiciously and primarily serve authentic customers, you can guarantee a smoother and more profitable shopping season next year. Be sure to download the "A 12-Month SRE Guide to Cyber Five 2024" with monthly tips on planning for the holiday season traffic and sales opportunities.

Let us know if you need assistance in identifying visitors, managing traffic, and keeping those malicious bots at bay! Schedule a chat with an Enterprise Solution Architect today for more information.
