Anti-Bot System

KobiBooks comes equipped with technology to prevent bots or malicious users from abusing your site. Every time a request is made to the server, the request is analyzed to determine if it is a valid request or if it might be coming from a bot or other ‘bad actor’.

Here’s the current list of ways KobiBooks protects your system, in the order they are applied:

  • 100 hits within 10 minutes. If a user racks up over 100 hits within a 10-minute timeframe, they’re probably a bot or someone who is mining your pricing information. Normal user actions don’t come anywhere close to this limit.
  • No “User Agent”. Regular web browsers report what kind of browser they are to the web server. Bots don’t have to send this information, and amateur bot writers often don’t bother to include it. It’s an easy tip-off that something is wrong.
  • No “Referrer” when required. Some pages require that a “Referrer” be provided in the header information to protect them from abuse. Once again, normal web browsers provide this information, but someone trying to access the protected page directly, without first coming from another page on your site, would be lacking that data.
  • No “Referrer” and no API User ID Data. Similar to the check above, some pages require that either a referrer be provided or a valid API user ID be included in the URL.
  • SQL Injection Attack. If the incoming request appears to be a SQL injection, that user is immediately blocked.

This list of protections is updated when new attack methods are discovered or exceptions need to be made.

When a block is made, it’s based on an IP address. That IP is blocked for one hour. Each additional request that IP makes while it is blocked extends the block to one hour from the latest request.
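
The ordered checks and the sliding one-hour block described above, sketched in Python as an added example (not KobiBooks' own code). The class name, the per-path sets, reading the HTTP `Referer` header, and treating any non-empty API user ID as valid are assumptions; the SQL injection check is left out because the page does not say how it is detected.

```python
from collections import defaultdict, deque

WINDOW = 10 * 60      # 10-minute hit window (from the page)
MAX_HITS = 100        # more than 100 hits in the window triggers a block
BLOCK_SECS = 60 * 60  # one-hour block (from the page)

class AntiBot:  # hypothetical name, for illustration only
    def __init__(self, referrer_required=(), referrer_or_api=()):
        self.hits = defaultdict(deque)  # ip -> timestamps of recent hits
        self.blocked_until = {}         # ip -> time the block expires
        self.referrer_required = set(referrer_required)  # assumed path sets
        self.referrer_or_api = set(referrer_or_api)

    def _violation(self, ip, now, path, headers, api_user_id):
        # Checks run in the order the page lists them.
        q = self.hits[ip]
        q.append(now)
        while q and q[0] <= now - WINDOW:  # drop hits older than the window
            q.popleft()
        if len(q) > MAX_HITS:
            return "rate"
        if not headers.get("User-Agent"):
            return "no-user-agent"
        has_ref = bool(headers.get("Referer"))
        if path in self.referrer_required and not has_ref:
            return "no-referrer"
        if path in self.referrer_or_api and not (has_ref or api_user_id):
            return "no-referrer-or-api-id"
        return None

    def check(self, ip, now, path, headers, api_user_id=None):
        """Return (allowed, reason) for one request at time `now` (seconds)."""
        if self.blocked_until.get(ip, 0) > now:
            # A request during a block restarts the hour from this request.
            self.blocked_until[ip] = now + BLOCK_SECS
            return False, "blocked"
        reason = self._violation(ip, now, path, headers, api_user_id)
        if reason:
            self.blocked_until[ip] = now + BLOCK_SECS
            return False, reason
        return True, None
```

Because every request during a block restarts the hour, a client that keeps retrying stays blocked for as long as it retries, and since the block is keyed on the IP address, everyone sharing that address is blocked with it.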