Theat Score Always 0 Even For Bot Traffic

r.padurea · August 9, 2024, 7:58am

What is the name of the domain?

What is the issue you’re encountering

What steps have you taken to resolve the issue?

When I enabled WAF rules for IP threat score, they did nothing, absolutely no WAF entries.

So for test purpose I enabled skip rules for threats with 0 score, here is where I found all easily user agent identifiable bot traffic.

Is this normal that all bot traffic passes IP threat score as 0, which is supposed to be reserved only for the IPs with absolutely perfect reputation?

As an example this abusive bot with highly malicious ip is getting threat score of 0
Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected])
IP address: 47.128.34.44

What is the current SSL/TLS setting?

Full (strict)

r.padurea · August 10, 2024, 6:42pm

So there is no one with such problem? By the way today I got a visitor with threat score = 1, it’s the first time since I enabled threat score tracking for several days. That’s with at least 12k unique visitors a day and over 30k bot traffic that I get daily. Sounds like a useless metric so far.

system · August 25, 2024, 6:42pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Threat Score HTTP Attack Security	9	2454	June 18, 2020
Threat_score Security	4	2965	February 24, 2021
Custom rule for filtering traffic from some ccountries Security	1	384	January 7, 2024
Bot traffic bypassing Super Bot Fight Mode Website, Application, Performance	6	2500	November 14, 2021
What is the recommended Threat Score to use Security	2	2375	January 5, 2022

Theat Score Always 0 Even For Bot Traffic

What is the name of the domain?

What is the issue you’re encountering

What steps have you taken to resolve the issue?

What is the current SSL/TLS setting?

Related topics