What is a bot? | Bot definition

机器人是一种 Internet 运行软件程序,执行的是重复性任务。 虽然某些机器人流量来自于善意机器人,但恶意机器人会给网站或者应用程序带来巨大的负面影响。

学习目标

阅读本文后,您将能够:

  • 了解机器人的概念以及机器人的任务
  • 说明善意机器人与恶意机器人二者的区别
  • 了解如何阻止恶意机器人流量

复制文章链接

什么是机器人?

A bot is a software application that is programmed to do certain tasks. Bots are automated, which means they run according to their instructions without a human user needing to manually start them up every time. Bots often imitate or replace a human user's behavior. Typically they do repetitive tasks, and they can do them much faster than human users could.

Bots usually operate over a network; more than half of Internet traffic is bots scanning content, interacting with webpages, chatting with users, or looking for attack targets. Some bots are useful, such as search engine bots that index content for search or customer service bots that help users. Other bots are "bad" and are programmed to break into user accounts, scan the web for contact information for sending spam, or perform other malicious activities. If it's connected to the Internet, a bot will have an associated IP address.

机器人类型:

  • Chatbots: Bots that simulate human conversation by responding to certain phrases with programmed responses
  • Web crawlers (Googlebots): Bots that scan content on webpages all over the Internet
  • Social bots: Bots that operate on social media platforms
  • 恶意机器人:这种机器人会抓取内容、传播垃圾邮件内容或者执行凭证填充攻击
Different types of bots

什么是恶意机器人活动?

Any automated actions by a bot that violate a website owner's intentions, the site's Terms of Service, or the site's Robots.txt rules for bot behavior can be considered malicious. Bots that attempt to carry out cybercrime, such as identity theft or account takeover, are also "bad" bots. While some of these activities are illegal, bots do not have to break any laws to be considered malicious.

In addition, excessive bot traffic can overwhelm a web server's resources, slowing or stopping service for the legitimate human users trying to use a website or an application. Sometimes this is intentional and takes the form of a DoS or DDoS attack.

恶意机器人活动包括:

为实施此类攻击并伪装攻击流量源,恶意机器人可能分布于僵尸网络中,这意味着机器人副本在多台设备上运行,而设备用户往往对此毫无所觉。因每台设备有自己的 IP 地址,故而僵尸网络流量由大量不同的 IP 地址产生,这使得识别恶意机器人流量源并加以阻止难上加难。

企业如何阻止恶意机器人活动?

机器人管理解决方案可通过机器学习的方式,将有害机器人活动与用户活动以及有益机器人活动区分开来。Cloudflare 机器人管理会在不影响用户体验或是不阻止善意机器人的情况下,对恶意行为加以阻断。机器人管理解决方案应能基于异常检测行为分析,识别并阻止恶意机器人,同时仍允许有益机器人访问 Web 属性。

To learn more about setting up bot protection, see our Developer documentation.