
BottingRocks | 2 years ago

Here is some of the feedback. In terms of bot protection you would get a 1/10. Perhaps, a 2/10 on a good day.

First, your payload is being sent base64-encoded using the default alphabet. You only need a simple atob() to decrypt your payload.

Second of all, your bot detection script is very readable, making the job of the attacker relatively easy to reverse.

Third, but not least, you do not have enough signals/fingerprints, which means that your false positives are going to sky-rocket.

Bots are not dumb; they are programmed by real humans, and your site is extremely easy to reverse. You need to add more obfuscation, more signals, and better client-side protection in order to qualify for real "bot detection".

Source: I reverse antibots for fun and profit; it's literally all I've been doing for the past 2 years straight.
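The first point above (a payload that is merely base64-encoded is readable with atob()) is the kind of thing you can check against your own telemetry before shipping it. The following is an added self-check, not code from the commenter or from the site being discussed; it assumes the atob/btoa globals (browsers and Node 16+), and the payload shape and field names are constructed for the example.

```javascript
// Added self-check (not code from the thread): base64 with the default alphabet
// is an encoding, not encryption, so anything the client sends this way is
// legible to whoever receives or observes it. Uses the atob/btoa globals
// (browsers and Node 16+). The payload shape and field names are constructed.

// Constructed sample of the kind of signals a naive client-side detector sends.
const sampleSignals = {
  ua: "Mozilla/5.0 (X11; Linux x86_64)",
  webdriver: false,
  screen: [1920, 1080],
  languages: ["en-US"],
};

// What a client that only base64-encodes its JSON would put on the wire.
function encodePayload(obj) {
  return btoa(JSON.stringify(obj));
}

// Attempt to recover a JSON value from a default-alphabet base64 string.
// Returns null when the input is not base64 or does not decode to JSON.
function decodeTransparentPayload(b64) {
  let text;
  try {
    text = atob(b64); // throws on characters outside the base64 alphabet
  } catch (_) {
    return null;
  }
  try {
    return JSON.parse(text);
  } catch (_) {
    return null;
  }
}

// Audit: does this payload expose its structure to anyone who can read it?
// Reports the top-level field names that are directly legible after decoding.
function auditPayload(b64) {
  const decoded = decodeTransparentPayload(b64);
  if (decoded === null || typeof decoded !== "object") {
    return { transparent: false, fields: [] };
  }
  return { transparent: true, fields: Object.keys(decoded) };
}

// Demonstration on the constructed sample.
const wire = encodePayload(sampleSignals);
console.log(wire);
console.log(auditPayload(wire));
// → { transparent: true, fields: [ 'ua', 'webdriver', 'screen', 'languages' ] }
```

If the audit reports `transparent: true` for what your detector sends, the encoding step is buying you nothing; the field names and values are exactly as readable as the JSON you started with. Opacity has to come from somewhere other than the base64 layer, which is the commenter's point.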


timshell | 2 years ago

Thank you for this feedback! We'd love to contract you in the future to try and break our system.

compootr | 2 years ago

Hey, I'd be happy to be contracted to break your solution as well.

The arms race between bot and anti-bot is fascinating, and I think I could reasonably overcome barriers like it, so HMU!