ArtStation Thwarts Malicious Bots With Cloudflare

If you’re a creative, one of the most challenging parts of your job is getting your work in front of the right audience. ArtStation’s platform helps solve that: it enables professional artists and designers to showcase their portfolios, find work and make money via an online marketplace.

It’s a vibrant hub of creativity that’s growing quickly — enough so that it caught the attention of one of the Internet’s most prevalent threats: bots. Lots of bots.

ArtStation’s battle with malicious bots climaxed at the company's holiday office party. In the midst of the festivities, the ArtStation team noticed an influx of complaints from customers. Soon, they realized that bots had attempted to hijack thousands of accounts using credentials harvested from security breaches elsewhere — with enough success to deluge the site with spam.

ArtStation founder and CEO Leonard Teo says the team quickly worked to clean up the site and repair compromised accounts. Due to the increased sophistication and quantity of the malicious activity, ArtStation turned to Cloudflare.


“Bots get in the way of building our platform. We’ve seen everything from competitors scraping our content to bad actors that stuff credentials in order to gain access to customer accounts. The safety of our client accounts are paramount and these bot attacks that were increasing in frequency and sophistication were undermining our business.”
- Leonard Teo
Founder and CEO, ArtStation

An Old Threat Learns New Tricks

Bots are computer programs that automatically navigate and interact with the Internet. Some are benign, like the Googlebot, which crawls the web with the aim of improving Google’s search engine. But many bots are malicious — they aspire to exploit stolen passwords, scrape content, and fill sites with spam.

Nefarious bots have existed for years, but it’s only more recently that they’ve become an epidemic. What’s worse, today’s bots have learned to bypass conventional mitigation techniques like rate limiting and IP blocking. In one month, 11 billion login attempts — 50% of all login attempts across Cloudflare’s 20 million Internet properties — are made by bots instead of by humans. That’s why Cloudflare developed a novel, robust solution founded in machine learning.

The Cloudflare Difference

Cloudflare’s Bot Management is powered by the collective intelligence derived from the over 20 million Internet properties on its network. Whenever Cloudflare detects a bot attack in one part of the network, it informs a threat recognition model that is applied across every other site. In other words: every bot attack makes Cloudflare’s defenses even stronger.

The key is machine learning. Because of the immense scale of Cloudflare’s network — Internet requests for ~10% of the Fortune 1,000 run through Cloudflare’s network — it can apply machine learning algorithms to detect patterns that would otherwise be invisible. Cloudflare’s Bot Management also goes one step further: it doesn’t just look at the initial fingerprint of a potential threat; it also evaluates its behavior over time.

And because some bots are good (indeed, search engine bots are essential to many businesses) Cloudflare Bot Management automates whitelisting traffic from benign actors.

A Clean Palette

As soon as ArtStation turned on Cloudflare Bot Management, its team realized the problem was even bigger than it first thought: “Hundreds of thousands of malicious requests were swarming the site. There were attacks we weren’t even aware of,” Teo says.

Enabling Bot Management swiftly resolved that. Foiled by Cloudflare’s robust protection, the bots decided to turn their malicious intent elsewhere.


“Before enabling Cloudflare’s Bot Management, you don’t really have much idea about what’s going on with your site — all you can see are the results of malicious bot activity.

With Cloudflare, we could see hundreds of thousands of malicious requests rotating through IP addresses, trying to login using hacked credentials and spam our site. Cloudflare automatically blocked them.

Soon, we saw the number of malicious attacks drop drastically. Because of Cloudflare, it just wasn’t worth the bother, so they gave up. We still see a few bots trying — but they don't get through, thanks to Cloudflare.”
- Leonard Teo
Founder and CEO, ArtStation

ArtStation Thwarts Malicious Bots With Cloudflare
Case study correlati
Prodotti correlati
Risultati principali

• ArtStation was under siege from hundreds of thousands of malicious bot requests

• Bots were scraping the site, attempting to hijack accounts, and posting spam

• Enabling Cloudflare Bot Management stopped malicious bot activity in its tracks

• Cloudflare also detected and blocked malicious bot activity that was otherwise invisible

“With Cloudflare, we could see hundreds of thousands of malicious requests rotating through IP addresses, trying to login using hacked credentials and spam our site. Cloudflare automatically blocked them. Soon, we saw the number of malicious attacks drop drastically. Because of Cloudflare, it just wasn’t worth the bother, so they gave up.

We still see a few bots trying — but they don't get through, thanks to Cloudflare.

Leonard Teo
Founder and CEO, ArtStation