Villa protects their online shop from bot attacks with Cloudflare
Sneakers have long been at the helm of urban fashion and culture, and with the Jordan brand, one of the most recognized sneaker brands in the world, pulling in $2.8bn in revenue in 2016, sneakers are also serious business. With the sneaker culture favoring limited release, hard-to-find shoes, people have turned to writing bots to scrape the web for the latest shoe releases giving them a buying advantage over the usual customer. Though bot users still pay for the sneakers they’re looking for, they hurt businesses by keeping in-demand shoes out of stock and ruining the performance of the sites they crawl.
“Bot Traffic hurts our customer experience because they can’t buy the shoes they’re looking for,” explained Matthew Butch, Systems Engineering Manager at Villa. “We want to sell to the customers that aren’t trying to game the system. If we sell out of a shoe as soon as it’s released because bots buy all of the units, then our customers don’t come back to us the next time we have a release. As a business, we want to sell to the real customers because they’re also adding other merchandise to their carts and coming back later to buy other products. The bots only look for a specific shoe and don’t care where or how they get it.”
The bots that crawl Villa’s site also negatively affect the site’s performance. “Bots suck up the performance power of our servers,” Butch continued, “by constantly requesting pages, taking up data and request processing, all of which increases our infrastructure costs and degrades the shopping experience for our real customers. If a normal user visits our site and it’s a slow, unpleasant they won’t come back.”
“Today we use Cloudflare’s Rate-Limiting to block these bots and ensure we deliver a good experience for our users,” Butch related. “We have a few rules that rate limit based on the pages that are being requested and the geographic regions the requests are coming from, which have worked to give legitimate users a great shopping experiencing while blocking and banning the bots that hurt our business. As a result we’ve seen a tremendous reduction on the feedback we get on twitter, we have 15% fewer customer service complaints, and I, personally, don’t spend time manually blocking IP’s and looking at access rules, I just turn rate limiting on and my time is free to work on other important tasks.”