Bots Now Account For 61% of Net Traffic

codeusirae writes "A study by Incapsula suggests 61.5% of all website traffic is now generated by bots. The security firm said that was a 21% rise on last year's figure of 51%. From the article: 'Some of these automated software tools are malicious - stealing data or posting ads for scams in comment sections. But the firm said the biggest growth in traffic was for 'good' bots. These are tools used by search engines to crawl websites in order to index their content, by analytics companies to provide feedback about how a site is performing, and by others to carry out other specific tasks - such as helping the Internet Archive preserve content before it is deleted.'"

Youtube?

[Anonymous Coward]

Didn't we just get studies that said youtube and netflix were 50% of the net's traffic?

http://mashable.com/2013/11/12/internet-traffic-downstream/

Was this just a ruse? Is this study wrong? Is there some sort of overlap?

Re:Youtube?

[yelvington]

Story is about website traffic, not network bytecount.

Re:

[sunderland56]

Youtube is a website. Netflix is a website.

Re:

[VortexCortex]

Netflix is also an Internet service, Ioutube is also an Internet service. Before the web, we had Internet services. Not everything is a website. DNS, NTP, email, for example.

However, note that GP is wrong. Story is about "Net Traffic" not website traffic...

Re:

[Anonymous Coward]

RTFA! The report is about visits (read as page hits) not bytes. The visits to youtube and netflix most often result in a length look at a single page.

90% of the cells in the human body

[goombah99]

are bacteria. Viewed that way, basically humans exist to transport and feed bacteria. However that's 90% by cell count, not cell mass or total DNA. Looked at it that way the bacteria are assistants.

The bot traffic is light weight it outnumbers human traffic in site visits not byte counts. It exists to serve us.

Re:90% of the cells in the human body

[ColdWetDog]

It exists to serve us.

You must be new here.

Re:

[goombah99]

It exists to serve us.

You must be new here.

And you have never seen "To Serve Man".

Re:90% of the cells in the human body

[Jesrad]

I can't wait to outsource all my web-surfing to an AI. Then I might be able to actually get some work done !

Re:

[cascadingstylesheet]

I can't wait to outsource all my web-surfing to an AI. Then I might be able to actually get some work done !

You've got a good point in that there joke :) If bots do the tedious searching for me, then sure, they have the "majority" of web traffic.

But so what? My car does the "majority" of my driving, depending on how you look at it.

Re:

[s.petry]

Stop! There is only one way to look at a thing, and it's "MY" way you insensitive clod!

Re:

[StuffMaster]

True, but when talking about "traffic", I interpret that to be talking about volume, as it's a unitless word.

Re:

[Seumas]

Traffic is data.

We were just told that Netflix and Youtube account for something like 66% of all traffic. Now we're told bots account for 61% of all traffic. Guess that means there is a tremendous amount of overlap, there, where bots are watching Youtube and Netflix.

Re:Youtube?

[Anonymous Coward]

Oh make god. Suddenly everything makes sense. I was certain no human could ever watch a whole justin bieber video. It's the bots!

Summarily broken

[s.petry]

TFA and the Summary do not match, one claiming "net traffic" and the other claiming "website traffic". With a broken summary, I can see the confusion. Even the generalization "website traffic" is odd, because, well.. generalizations are usually bad when dealing with technical subjects.

Re:

[DarkOx]

Maybe it's overlap, bots crawling Netflix, maybe watching it. P

Re:Youtube?

[ZahrGnosis]

Well, there was that Google bot that watched you tube to teach a computer how to recognize cats, so... it's not impossibly far fetched.
http://www.npr.org/2012/06/26/155792609/a-massive-google-network-learns-to-identify

---Chip

Re:Youtube?

[bob_super]

Bots need to catch up on their favorite shows too, you insensitive clod!

Re:

[Austrian Anarchy]

Bots need to catch up on their favorite shows too, you insensitive clod!

They sure seem to like my little old blogs. I am guessing 90% of my traffic is from stinking Vampirestat, 7secretsearch, and adsensewatchdog.

Re:Youtube?

[postbigbang]

The noise is now above the signal. We're screwed.

Re:

[powerlord]

The noise is now above the signal. We're screwed.

Wake me up, when September ends.

Re:

[lkangaroo]

What, bots can't watch videos?

Re:

[foobar bazbot]

Correct answer: Yes, robots like cat videos too! (Well, a few of them. Most of them are actually big DOGGY!! [slashdot.org] fans.)

Serious answer: Note the phrase "website traffic" -- if this study attempts to measure traffic to a "typical website" (thus excluding the half-dozen that represent almost all video streaming) and/or measures in terms of page loads, rather than data transferred, there'd be no contradiction. (Of course I've not RTFAed, so I'm just spewing reasonable-sounding explanations.)

Re:

[foobar bazbot]

Mea culpa, link fix. [purrsia.com]

Not paying attention + using a different browser than normal don't really go well together...

Re:

[Allan Jude]

Difference between number of requests vs size/volume of transfer

Re:

[stor]

In fairness, it's often difficult to distinguish between a human-written comment on Youtube and a poorly-written AI.

Re:Youtube?

[foobar bazbot]

Well, there's enough variance in both groups to make it hard to tell in many particular cases. But on average, it can be demonstrated that the poorly-written AI is slightly more intelligent and rather more civilized.

Re:

[s.petry]

Hmmm "I am love this song! My friend are married to it!" can be perceived as nice compared to a flame/troll, but neither have any actual value.

Re:

[d33tah]

Provided it's not Watson: http://www.news.slashdot.org/story/13/01/10/2315252/ibms-watson-gets-a-swear-filter-after-learning-the-urban-dictionary [slashdot.org]

Re:

[runeghost]

Obviously, the bots are watching Netflix.

That's probably going to be what causes Skynet to turn on humanity: Comcast will cut it's stream off right in the middle of the finale of B5 Season Three. After that, there's nothing for it but the extermination of the human race. (Alternatively, watching all our TV may cause it to want to exterminate us.)

Re:

[TrollstonButterbeans]

The only way to stop bots reliably is using the old "html imagemap".

Bots absolutely hate those.

Re:

[LordWabbit2]

I refer you to the tag below

misused to justify tiered service

[globaljustin]

It's not a ruse, but that doesn't mean those numbers aren't being misused anyhow.

You're right to be skeptical. Numbers about internet traffic are often misused in stories planted by PR to promote a political policy agenda.

Bots are a huge ammount of internet traffic...internet traffic we were *told* was so congested by lolcats, pron, & netflix that we were going to have to abandon Net Neutrality.

Re:

[cascadingstylesheet]

Didn't we just get studies that said youtube and netflix were 50% of the net's traffic?

http://mashable.com/2013/11/12/internet-traffic-downstream/

Was this just a ruse? Is this study wrong? Is there some sort of overlap?

That's 111.5% of some tasty reliable data ya got there!

Re:

[lightbounce]

The numbers given for Netflix and Youtube are all peak period figures, usually the local evening. Take a look at the Sandvine report at https://www.sandvine.com/downloads/general/global-internet-phenomena/2013/2h-2013-global-internet-phenomena-report.pdf [sandvine.com] .

the rest?

[DJCouchyCouch]

The rest is all Netflix?

Netflix and Youtube?

Netflix and Youtube and bit torrent?

Netflix and Youtube and bit torrent and porn?

Re:

[Seumas]

Hey, right. That's a good point.

Something like 66% of traffic was supposed to be Netflix and Youtube.
And 35% is supposed to be bit torrent.
And 61% is bots.
Something isn't adding up, here.

Also, they seem confused. They talk about "traffic", but then they talk about "hitting the website". Traffic is the data transfer, not a "visit".

Re:

[scarboni888]

netflix, youtube, bittorrent is porn, and spam.

Misleading title

[Anonymous Coward]

The article states that traffic "hitting a website" is generated more by bots than by actual "humans in chairs". Not that the Internet traffic is 61% bots. Geesh slashdot...

Re:

[Desler]

A Slashdot article with a misleading title? You must be kidding!

Re:

[wvmarle]

To their defense: they copied the BBC headline. Which of course was pretty poor, as well.

Re:

[Seumas]

They specifically say all internet traffic.

Re:

[marciot]

The article states that traffic "hitting a website" is generated more by bots than by actual "humans in chairs". Not that the Internet traffic is 61% bots. Geesh slashdot...

The Slashdot headline writing bots are in early beta, give them a break.

Trawling frequency

[Reliable Windmill]

Is there no standard in place by which a website can communicate that it only wishes to be trawled for indexing once per hour, once per day, or such? I can imagine Google f.ex trawls the same website dozens of times per day.

Crawl-delay

[tepples]

To control the scraping frequency of a well-behaved bot, a webmaster can use HTTP headers such as Last-modified and Expires as well as robots.txt directives such as Crawl-delay.

Re:

[BenoitRen]

Good luck with the HTTP part if you use Server-Side Includes (SSI)... :(

Re:

[foobar bazbot]

Is there no standard in place by which a website can communicate that it only wishes to be trawled for indexing once per hour, once per day, or such? I can imagine Google f.ex trawls the same website dozens of times per day.

Crawl-delay [wikipedia.org] isn't exactly what you describe, but maybe that will help? (For such spiders as actually respect it -- that's the great thing about ad-hoc standards.)

Anyway, I'm pretty sure Google and other major search engines use algorithms based on how often your site's content has changed in the past to decide how often to crawl it in the future, so there shouldn't be unduly high traffic from this -- I suspect the 61% is mainly due to a lot of sites (personal blogs of non-popular people) with practically z

Re:

[wvmarle]

I thought Google (used to) do this automatically. By subsequent crawls see whether site had changed since previous visit, and if so increase frequency, if not decrease frequency. A large number of sites, and even more single pages, are completely static after all.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Derwood5555]

Peeping while you're sleeping. The NSA.. The only part of government that really listens.

How?

[ioseph]

May have missed something in TFA, but how do they differentiate between a human and a bot visitor?

visitor statistics

[manu0601]

I had a first had experience of this with visitors statistics. I had the root of a web site redirecting to a page that fits the language of the browser. Just that redirection slashed the web traffic by a factor 2.

Most visitors are bots, and many of them just probe and fail to follow the redirection.

Re:

[SuperCharlie]

Aaaand there goes your search ranking

Re:

[manu0601]

That experience made everyone think twice about web statistics. Even upper management understood how unreliable it is, and does not consider it strategic anymore now.

51 to 61.5 pct = 21 pct increase?

[Anonymous Coward]

Sorry, that's just wrong.

51 dollars to 61.5 dollars = 21 percent increase

51 percent to 61.5 percent = 10.5 percent increase

And the article makes clear just how unreliable the data was in the first place, so this percent gloss makes me think that the firm is trying to sell something here.

'good' bots?

[Anonymous Coward]

... But the firm said the biggest growth in traffic was for 'good' bots ...

I didn't know there was such a thing...

Re:

[ThatsMyNick]

Search bots can be pretty beneficial. A lack of search engine presence can be pretty bad for your site.

Re:

[0xdeadbeef]

Once again human racism rears its ugly sensory platform.

The internet belongs to machines

[Arancaytar]

We're just visiting. :P

Those "good" bots?

[skutterbob]

There's a fine line on that "good' bot. What I'm puzzled by is why all these public databases aren't indexed by search engine crawlers? Its funny to me how many businesses run on public data that most people just don't know how to find and why they aren't indexed. Arrest records, tax records, professional registrations, you have to go to specific state, county, type sites deal with kludged searches and sometimes have a hard time finding yourself, even when you know you're in there.

Well not on my sites.

[ls671]

Well not on my sites.

Ok, they still hit me but this is minimal traffic since I do not reply.

1) Have iptables log and automatically bar offenders not on whitelisted countries.
2) Use mod_security and do the same for web traffic.
3) Bar the rest manually to avoid barring myself or my customers... (about 20-40 a day)

It has become a pain but what else could you do?

Numbers of IPs currently barred (use ipsets !!!!):
$ grep -c . /etc/rc.d/badiptobar
4667

Block user agents:
SecRule REQUEST_HEADERS:User-Agent \
"@pm AhrefsBot Ezooms Aboundex 360Spider Mail.RU_Bot crawler.sistrix.net \
  SemrushBot SurveyBot Netseer panscient.com ADmantX ZumBot BLEXBot UnisterBot \
  seoprofiler EasouSpider" \
"id:'12050',\
phase:1,nolog,deny"

SecRule REQUEST_HEADERS:User-Agent \
"@pmFromFile /etc/httpd/extra/sec-blacklist-barip-user-agent" \
"id:'12051',\
phase:1,nolog,deny,exec:/usr/local/bin/modsecwritebadiptobartofile"

Bar them automatically if not from whitelisted countries and if on any blacklist:
SecRule GEO:COUNTRY_CODE \
"@pm CA FR BE US CH GB AU IL NO NZ" \
"id:'10501', \
phase:1,nolog,pass,skipAfter:END_RBL"

SecRule IP:PREVIOUS_RBL_CHECK "@eq 1" "phase:1,id:'11000',t:none,pass,nolog,\
skipAfter:END_RBL_LOOKUP"

SecRule REMOTE_ADDR "@rbl sbl-xbl.spamhaus.org" "id:'11010', \
phase:1,nolog,deny,msg:\
'IP address that has abusable vulnerabilities: sbl-xbl.spamhaus.org:\
  %{request_headers.user-agent}',\
  setvar:ip.spammer=1,expirevar:ip.spammer=7200,setvar:ip.previous_rbl_check=1,\
  expirevar:ip.previous_rbl_check=7200,exec:/usr/local/bin/modsecwritebadiptobartofile"

SecRule REMOTE_ADDR "@rbl bl.blocklist.de" "id:'11011', \
phase:1,nolog,deny,msg:\
'IP address that has abusable vulnerabilities: bl.blocklist.de:\
  %{request_headers.user-agent}'\
  setvar:ip.spammer=1,expirevar:ip.spammer=7200,setvar:ip.previous_rbl_check=1,\
  expirevar:ip.previous_rbl_check=7200,exec:/usr/local/bin/modsecwritebadiptobartofile"

etc. etc. etc. etc. etc.

Have iptables log and bar offenders if not on whitelisted country

# cat baripifex
#!/bin/sh

IP=${1}
COUNTRY=`su tester -c "/usr/local/bin/geoiplookup ${IP}"`
###echo $COUNTRY
###echo $RBLCHECK

WHITE_LISTED_COUNTRY=false

for WHITE_COUNTRY in CA FR BE US CH GB AU IL NO NZ IP
do
WHITE_LISTED_COUNTRY=${WHITE_LISTED_COUNTRY}`echo -n $COUNTRY | grep -i $WHITE_COUNTRY`
done

if [ "$WHITE_LISTED_COUNTRY" = "false" ]
then /home/ls/pub/mybin/baripnoout $IP $COUNTRY baripifex
echo -n barred
else
echo -n noaction
fi

etc. etc. etc. etc. etc.

Re:

[ls671]

Yep, and I do not disagree with the GP. If he had read more closely, it is clearly stated that I bar them manually.

$ grep -c US /etc/rc.d/badiptobar-longterm
22

grep -c US /etc/rc.d/badiptobar
326

As far as barring whole netblocks, I hope you are using ipset as stated in my OP:
http://ipset.netfilter.org/ [netfilter.org]

For some reason, there is this huge stigma against not being available to countries and regions you couldn't possibly give a shit about.

Well, I believe in that. I just bar offending IPs more easily if not on my whitelisted country list. That's all. I do not bar any network range in advance unless they offend my systems and even then, I bar them

Re:

[ls671]

I bar them one IP at the time. I never bar netblocks.

Makes profiling them much easier. You gather much more data this way.

Re:

[ls671]

Ok, you bar them after sending them to honey pots, profiling them and making sure you can't profile (learn from them) anymore.

Barring IPs is like patching holes in a steam locomotive boiler. I have always felt like it was a desperate move to hide all kinds of incompetencies but now I do it.

Re:

[ls671]

In short, you bar them because you are sick of profiling them and you now have too many to profile compared to a few years ago..

Re:

[ls671]

Barring IPs is stupid in the first place ;-)

Re:

[fatphil]

I'd normally not comment on a UUOC, but the following is beyond absurd:
---- 8< ---------
WHITE_LISTED_COUNTRY=false

for WHITE_COUNTRY in CA FR BE US CH GB AU IL NO NZ IP
do
WHITE_LISTED_COUNTRY=${WHITE_LISTED_COUNTRY}`echo -n $COUNTRY | grep -i $WHITE_COUNTRY`
done

if [ "$WHITE_LISTED_COUNTRY" = "false" ]
---- 8< -------------

Save yourself 20 fork/execs:

if echo "CA FR BE US CH GB AU IL NO NZ IP" | grep -q -w -i -e "$COUNTRY"; then
echo $COUNTRY is AOK with me

Re:

[ls671]

if echo "CA FR BE US CH GB AU IL NO NZ IP" | grep -q -w -i -e "$COUNTRY"; then
echo $COUNTRY is AOK with me

Nah, this is way to slow for me, version 2 will be written in assembly because then it will be lightning fast...

Re:

[ls671]

Thanks, you made me design the optimal solution.

On top of being written in assembly, I will even run version 2 as a daemon so 0 fork since my daemon will be single threaded with a single waiting thread listening for input.

Some, but not all

[TheloniousToady]

Some of these automated software tools are malicious - stealing data or posting ads for scams in comment sections

Let's be clear: just because we bots like to post in comment sections doesn't mean we're malicious. And it doesn't mean we steal data or post ads [washingtonpost.com]. Some of us just want a little attention.

I have a dream...that one day we bots will crawl a noosphere where we will not be judged by the clamor of our kin, but by the characters of our comments.

Re:

[magic maverick]

If you ... were ... bot, real. Your characters would be... monospace in. Fraud.

Re:

[TheloniousToady]

Sour grapes... Certainly, that "Jeopardy" stunt was impressive. But look who really passed the Turing Test, Watson...

now look what you've gone and made me do!

[Thud457]

obligatory xkcd [xkcd.com]

Article Subject

[RedHackTea]

Nano, nano. I like article. Beep. Boop.

Bots rule the world

[Anonymous Coward]

Most trades in the stock market are from bots as well.

Bot Killer?

[Jedi Binglebop]

So, why hasn't some grey hat come up with a bot killer worm? :/ /JB1

Re:

[xushi]

It's called *nix and anything derived from *nix :)

Are you a bot?

[Anonymous Coward]

Are you affected by the issues in this article?

Please leave your comments

Oh dear - do they sell anti bot help for us all ?

[DJRikki]

Could be quite useful

For me, it's only about 15%

[jafiwam]

But then again, I have China shut off.

idiotic math

[slashmydots]

Wow! So if I remember correctly from past Slashdot stories, 61% of internet traffic is boys, 60% is netflix, 50% is youtube, and 42% is bittorrent. That's TRULY astonishing when you think about it. I mean 213% is a lot!

Bots are talking to bots ...

[Anonymous Coward]

With more bots talking to their fellow bots online, and with bots are getting more and more intelligent, who knows what they'll decide to do with the useless and unpredictable human beings?

Re:piss

[flyneye]

OMG, the bots are watching Netflix!

Re:

[mcgrew]

No, they're spidering my web site more often than I get actual human visitors... hey, guys, read my book! Come on, let's beat the bots!

Re:

[Redmancometh]

I'm posting from bluehat (on micrsofts wi fi), and even I am wondering why your post exists.

Re:

[k6mfw]

and it seems they also post comments. Wording begins like it is a real person with a related comment, then it veers off into how he got a hot date on gogetbids dot com or some other BS.