What is a bot? | Bot definition

傀儡程式是在網際網路上作業並執行重複任務的軟體程式。雖然有些傀儡程式流量來自良好傀儡程式,但惡意傀儡程式仍可對網站或應用程式造成巨大的負面影響。

學習目標

閱讀本文後,您將能夠:

  • 理解什麼是傀儡程式以及傀儡程式進行的事項
  • 說明良好傀儡程式與惡意傀儡程式之間的差異
  • 瞭解如何終止惡意傀儡程式流量

複製文章連結

什麼是傀儡程式?

A bot is a software application that is programmed to do certain tasks. Bots are automated, which means they run according to their instructions without a human user needing to manually start them up every time. Bots often imitate or replace a human user's behavior. Typically they do repetitive tasks, and they can do them much faster than human users could.

Bots usually operate over a network; more than half of Internet traffic is bots scanning content, interacting with webpages, chatting with users, or looking for attack targets. Some bots are useful, such as search engine bots that index content for search or customer service bots that help users. Other bots are "bad" and are programmed to break into user accounts, scan the web for contact information for sending spam, or perform other malicious activities. If it's connected to the Internet, a bot will have an associated IP address.

傀儡程式可以是:

  • Chatbots: Bots that simulate human conversation by responding to certain phrases with programmed responses
  • Web crawlers (Googlebots): Bots that scan content on webpages all over the Internet
  • Social bots: Bots that operate on social media platforms
  • 惡意傀儡程式:該傀儡程式剽竊資料、散佈垃圾內容或執行憑證填充攻擊
Different types of bots

什麼是惡意傀儡程式活動?

Any automated actions by a bot that violate a website owner's intentions, the site's Terms of Service, or the site's Robots.txt rules for bot behavior can be considered malicious. Bots that attempt to carry out cybercrime, such as identity theft or account takeover, are also "bad" bots. While some of these activities are illegal, bots do not have to break any laws to be considered malicious.

In addition, excessive bot traffic can overwhelm a web server's resources, slowing or stopping service for the legitimate human users trying to use a website or an application. Sometimes this is intentional and takes the form of a DoS or DDoS attack.

惡意傀儡程式活動包括:

為了執行這些攻擊並偽裝攻擊流量的來源,惡意傀儡程式可能會在殭屍網路中散佈,代表傀儡程式的副本會在多個裝置上執行,且裝置擁有者通常不知情。因為每個裝置擁有自己的 IP 位址,所以殭屍網路流量來自大量不同的 IP 位址,造成難以識別和封鎖惡意傀儡程式流量的來源。

公司如何能阻止惡意傀儡程式活動?

傀儡程式管理解決方案能夠透過機器學習,從使用者活動和實用的傀儡程式活動中挑出有害的傀儡程式活動。Cloudflare 傀儡程式管理可阻止惡意行為,且不會影響使用者體驗,也不必封鎖良好的傀儡程式。傀儡程式管理解決方案應能夠根據偵測異常的行為分析,識別和封鎖惡意傀儡程式,並且仍允許實用的傀儡程式存取 Web 資產。

To learn more about setting up bot protection, see our Developer documentation.