Phony Googlebots Becoming a Real DDoS Attack Tool


Userlevel 7
Visit many sites and, in the list of visitors logged on, you will see a Googlebot crawling through the data. Well, it was only a matter of time before this would get taken advantage of by hackers.
 
 
by Michael Mimoso, July 24, 2014

"Even an enterprise with the harshest, strictest blocking rules in place is likely to leave the door ajar for Google’s search bot software known as a Googlebot.
Googlebots crawl websites collecting data along the way in order to build a searchable index that assures a site will be listed and ranked on the search engine.
 
Hackers have taken notice of the access afforded to these crawlers and are using spoofed Googlebots to launch application-layer distributed denial of service attacks with greater frequency.
Research released today from web security firm Incapsula identifies this as a growing trend among attackers; for every 25 Googlebot visits, companies are likely to be visited by a fake one. Almost a quarter of those phony Googlebots are used in DDoS attacks, elevating it to the third most popular DDoS bot in circulation, according to product evangelist Igal Zeifman."
 
Full Article

3 replies

Userlevel 7
So... what's the solution? I say use a different search engine. I use Startpage HTTPS for my searches... what other opinions does anyone have?
Userlevel 7
The only solution as I see it is to ban the search bots.
BUT then, if you want to research something, how would you find the answer? No search bots = no information stored on the search engines. A different search engine will make no difference. As an example, I have just taken a look at the site Calendar of Updates, and in the list of viewers were the following: "AhrefsBot, Bing, Google, Yahoo". My point is that whichever search engine you use, they are all granted permission to view the data on that site, so hackers see them as an "easy" way in so that they can trawl through and collect data.
I notice that on the Start Page search engine you are given the details of why it is safer (see below), and OK, it protects YOUR own personal data, BUT it still uses Google to trawl the sites, so although StartPage is in itself safer, the more users a search engine (such as Google) has, the bigger a target it becomes.
 
"Startpage offers you Web search results from Google in complete privacy!
When you search with Startpage, we remove all identifying information from your query and submit it anonymously to Google ourselves. We get the results and return them to you in total privacy.
Your IP address is never recorded, your visit is not logged, and no tracking cookies are placed on your browser. When it comes to protecting your privacy, Startpage runs the tightest ship on the Internet. Our outstanding privacy policy and thoughtful engineering give you great search results in total anonymity. Here are some of our key features:
  • Free proxy surfing available.
  • Praised by privacy experts worldwide.
  • Fourteen-year company track record.
  • Third-party certified.
  • No IP address recorded.
  • No record is made of your searches.
  • No identifying or tracking cookies used.
  • Connection using powerful SSL encryption.
To learn more, check out our privacy page and read our privacy policy. We're confident you'll like what you see."
Start Page
Userlevel 7
This article goes into it with a lot more info and diagrams to explain it a bit better.
 
by paganinip on July 25th, 2014
 
"Application-layer attacks are today the most insidious DDoS attacks due to frequency and the volume of malicious traffic they generate, these attacks have grown dramatically in the last months as attackers exploit capabilities of huge botnets to overwhelm victim’s resources.
“You don’t have to create a big flood to generate 5,000 visits per second,” “It’s easy to generate 5,000 per second. Layer 7 attacks are more common for sure than Layer 3 or 4 events. The reason is that it’s easier to execute and more dangerous, even in low volumes.” Zeifman said."

Full Article
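
Added example, not part of the thread or of either quoted article: a spoofed Googlebot only copies the crawler's User-Agent string, so a site can keep admitting real crawlers and refuse impostors by checking every address that claims to be Googlebot with a reverse DNS lookup followed by a confirming forward lookup, the check Google documents for verifying its crawler. The function names, the combined-log-format input, the two accepted hostname suffixes and the sample addresses and names are assumptions of this example.

```python
import socket

# Hostname suffixes Google documents for genuine Googlebot reverse DNS names.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")

def dns_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]  # reverse (PTR) lookup
    except OSError:
        return None

def dns_forward(host):
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def is_real_googlebot(ip, ptr=dns_ptr, forward=dns_forward):
    host = (ptr(ip) or "").rstrip(".").lower()
    # The leading dot in each suffix rejects look-alikes such as "notgooglebot.com".
    if not host.endswith(GOOGLE_SUFFIXES):
        return False
    # A PTR record is set by whoever controls the IP block, so confirm it forward.
    return ip in forward(host)

def classify(log_lines, ptr=dns_ptr, forward=dns_forward):
    """Map each client IP whose User-Agent claims Googlebot to a verdict."""
    verdicts = {}
    for line in log_lines:
        parts = line.strip().rsplit('"', 2)  # [..., user agent, ""]
        ip = line.split(" ", 1)[0]
        if len(parts) < 3 or "googlebot" not in parts[1].lower() or ip in verdicts:
            continue
        ok = is_real_googlebot(ip, ptr, forward)
        verdicts[ip] = "verified" if ok else "spoofed"
    return verdicts

# Constructed sample data (documentation address ranges, not real crawler IPs).
UA = '"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"'
SAMPLE_LOG = [
    f'192.0.2.10 - - [24/Jul/2014:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" {UA}',
    f'203.0.113.7 - - [24/Jul/2014:10:00:01 +0000] "GET /search?q=a HTTP/1.1" 200 512 "-" {UA}',
    f'198.51.100.9 - - [24/Jul/2014:10:00:01 +0000] "GET /search?q=b HTTP/1.1" 200 512 "-" {UA}',
    '192.0.2.55 - - [24/Jul/2014:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com", "203.0.113.7": "host7.example.net",
              "198.51.100.9": "crawl-192-0-2-10.googlebot.com"}  # last entry: forged PTR
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}
print(classify(SAMPLE_LOG, SAMPLE_PTR.get, lambda h: SAMPLE_A.get(h, set())))
```

With the default resolvers each new address costs two DNS lookups, so cache the verdict per IP before using it to rate-limit or block the "spoofed" clients.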
