cross-posted from: https://infosec.pub/post/11194362
49.6% of all internet traffic came from bots in 2023, a 2% increase over the previous year, and the highest level Imperva has reported since it began monitoring automated traffic in 2013. For the fifth consecutive year, the proportion of web traffic associated with bad bots grew to 32% in 2023, up from 30.2% in 2022, while traffic from human users decreased to 50.4%. Automated traffic is costing organizations billions (USD) annually due to attacks … More → The post Bots dominate internet activity, account for nearly half of all traffic appeared first on Help Net Security.
Yea. Along with web rings, human-focused search and just harbouring communities better … we gotta start building people-focused online gardens and ditch this capitalistic hustle shit.
Not all bots are bad, the piped bot is nice and there are others too
That sounds like something a bot would say…🧐
Beep boop ah shiet… They done got me this time… runs away leaking oil and steam
—€
Yeah i started loving the tldr bot the day i met it lol .
My CDN bill recently went from about $5 a month to over $200. Turned out it was Tictok’s spider relentlessly scraping the same content over and over again.
It was ignoring robots.txt. In the end I just had to ban their user agent in the CDN config.
What proportion of the bots were fediverse servers syncing with each other?
Yeah, I’m wondering about how they characterize “bot activity.” It seems like “any traffic not proximally related to a user’s synchronous activity” is a little too broad.
I’m not sure if fediverse syncing is bot activity. Or my laptop checking for software updates while I’m sleeping. Or my autopay transactions for utility bills.
From the org’s definition of bots, I’d say it’s implicit that bot activity excludes expected communication in an infrastructure, client-server or otherwise. A bot is historically understood as an unexpected, nosy guest poking around a system. A good one might be indexing a website for a search engine. A bad one might be scraping email addresses for spammers.
In any case, none of the examples you give can be reasonably categorized as bots and the full report gives no indication of doing so.
I’d argue that with their definition of bots as “a software application that runs automated tasks over the internet” and later their definition of download bots as “Download bots are automated programs that can be used to automatically download software or mobile apps.”, automated software updates could absolutely be counted as bot activity by them.
Of course, if they count it as such, the traffic generated that way would fall into the 17.3% “good bot” traffic and not in the 30.2% “bad bot” traffic.
Looking at their report, without digging too deep into it, I also find it concerning that they seem to use “internet traffic” and “website traffic” interchangeably.
Yeah, their reporting suffers from not adequately defining what is being measured.
It will get worse with AI joining the fray!
I don’t believe it. Its gotta be more than that.
Don’t forget that porn is a huge chunk as well. Between bots and porn there’s little left.