
The importance of IP reputation monitoring

Today, online businesses face numerous attacks. Some are carried out by people and some by bots, which are simply software applications that run automated tasks to compromise websites. Both use dynamic IP rotation to evade security solutions, relying on Tor networks and open proxies to disguise their real IP addresses. As defenders, we should therefore use threat intelligence data to check the IP reputation of visitors and, if we have dedicated software protecting our web applications from attacks, configure those security systems to block malicious human and bot traffic.

IP Reputation

RST Cloud uses different sources of threat intelligence data to eliminate false positives and calculate a more accurate threat score. At this time we support:
 - Sblam! (https://sblam.com/)
 - StopForumSpam (http://www.stopforumspam.com/)
 - CINS Score (http://cinsscore.com/)
 - Blocklist.de (http://www.blocklist.de/)
 - Ransomware Tracker (https://ransomwaretracker.abuse.ch/)
 - SSLBL (https://sslbl.abuse.ch/)
 - AlienVault OTX (https://www.alienvault.com/open-threat-exchange)
 - Binary Defense (https://www.binarydefense.com/threat_intelligence/)
 - EmergingThreats (https://rules.emergingthreats.net/)

Bad bots enable attackers, unfair competitors, and fraudsters to perform a wide range of potentially harmful actions using different types of scripts: web form spammers, comment spammers, SQL injection worms, vulnerability scanners and many others. They also degrade website performance, because such bots can consume up to 40% of all website traffic according to statistics. It is therefore essential to detect and prevent their activity, even when bots try to pass themselves off as humans by sending the User-Agent of a popular browser such as Chrome, Safari or Firefox. Additionally, it is easy to find spam commenters' IP addresses and delete all the unsolicited messages they published.

By using RST Cloud, it is possible to detect malicious IP addresses and use this information to block them. This not only raises the security level but also frees hardware resources to process legitimate requests and thereby improves overall site performance.
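To illustrate the idea of combining several feeds and ignoring the User-Agent, here is an added Python example (not RST Cloud's code or scoring method). It checks the client IPs in access-log lines against three feeds and blocks only when at least two feeds agree. The feed contents, the two-feed threshold, the function names and the log lines are all constructed assumptions.

```python
import ipaddress
import re

# Constructed feed snapshots using documentation address ranges (not real indicators).
FEEDS = {
    "StopForumSpam": ["203.0.113.7", "198.51.100.23"],
    "Blocklist.de": ["203.0.113.7", "192.0.2.5"],
    "EmergingThreats": ["203.0.113.7", "192.0.2.0/28"],
}
BLOCK_AT = 2  # assumed policy: block only when at least two feeds agree

# Parse every entry as a network so single IPs and CIDR ranges match alike.
NETS = {name: [ipaddress.ip_network(e, strict=False) for e in entries]
        for name, entries in FEEDS.items()}
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def sources_for(ip_text):
    """Return the sorted names of the feeds that list this address."""
    ip = ipaddress.ip_address(ip_text)
    return sorted(n for n, nets in NETS.items() if any(ip in net for net in nets))

def verdict(ip_text):
    """Map the number of agreeing feeds to block / monitor / allow."""
    hits = len(sources_for(ip_text))
    return "block" if hits >= BLOCK_AT else "monitor" if hits else "allow"

def triage(log_lines):
    """Parse combined-format access log lines; return (ip, user_agent, verdict)."""
    out = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        try:
            out.append((m.group(1), m.group(2), verdict(m.group(1))))
        except ValueError:
            continue  # first field was a hostname or garbage, not an IP
    return out

# Constructed log lines: all three clients claim to be a mainstream browser.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jul/2016:10:00:01 +0000] "POST /comment HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/51.0"',
    '198.51.100.23 - - [07/Jul/2016:10:00:02 +0000] "GET /login HTTP/1.1" 200 734 "-" "Mozilla/5.0 (Macintosh) Safari/601.7"',
    '198.51.100.99 - - [07/Jul/2016:10:00:03 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux) Firefox/47.0"',
]

if __name__ == "__main__":
    for ip, ua, v in triage(SAMPLE_LOG):
        print(f"{v:8} {ip:15} {ua}")
```

The single-feed hit is only monitored, so one noisy list cannot block a visitor on its own, while the browser-like User-Agent has no influence on the decision.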

Posted on July 07, 2016 by Yury Sergeev