Deflect protects your website from a multitude of cyber attacks, including distributed denial of service (DDoS), brute force attacks against your login password, connection hijacking and much more. To achieve this level of protection, we employ sensitive monitoring tools and various mitigation methods.
- Banjax is responsible for early stage filtering, challenging and banning of bots, identified via regular expression (regex) matching, in conjunction with the Swabber module.
- Edgemanage monitors Deflect edges health and rotates them in and out of our clients’ DNS records.
- Opsdash is an ElasticSearch cluster where the majority of Deflect’s traffic data is stored and queried.
- Baskerville is a network traffic anomaly detector, for use in identifying and characterizing malicious IP behaviour.
We’ve developed and pieced together these tools in order for our clients and the Deflect network to be resilient to any type of brute force attack. They also help us gather, store and analyze information on attacks and attackers, building adversarial profiles and improving behaviour analysis of network traffic.
Monitoring
At its core, the Deflect network is capable of logging information about any and all aspects of web traffic destined for our clients’ websites (this includes traffic over SSL). This means that for each visitor accessing the Deflect network it is possible to record or otherwise ascertain:
- Site accessed
- Browser user agent
- Deflect server queried
- Time of request
- Response code to the request
- Cache status of the request
- IP address, ASN of the requester
- User device
This information is fed into Opsdash and Baskerville. It allows our clients to see traffic statistics in their dashboard profile, including detailed information on legitimate and banned requests.
Password Protected Page
Password Protected Page is an effective security feature that helps safeguard your website from bots, scanners, and unauthorized access. It places a password page in front of the specified path, blocking public access to it.
Password Protected Page is designed to safeguard your website’s admin panel. It offers useful features like cache disabling for the admin and a Super Pass, which allows exemption from blocking and challenges.
After you have created the password in the Dashboard, the login page to your website (e.g. /wp-admin, /login, /administrator, etc.) will appear like this:
Only those in possession of the authentication password will be able to proceed. This has an extra side effect of protecting your website’s editorial login from password brute-force attacks.
Challenger
When a DDoS attack is not automatically mitigated by Deflect rules and begins to have a negative impact on your server, you can enable the Challenger. It will help Deflect distinguish between real website readers (who are using a web browser) from automated bots. Challenger does this by serving everyone who requests access to the website a mathematical challenge in JavaScript. The browser solves the challenge and sends back their reply. Most bot cannot do this. When a challenge has been solved, Deflect returns a cookie to the reader’s browser. No further challenges are required from this reader for the next 24 hours.
Information for website readers
In order to successfully receive and process a challenge, your browser will need to have JavaScript enabled. If you are using a JavaScript blocker like e.g. “NoScript”, it will result in an error message telling you that JavaScript is blocked and should be enabled:
Information for Deflect clients
Challenger is a strong measure of defense. It will not only block all malicious traffic, but also legitimate bots. This may result in website crawlers not being able to access your website. Use Challenger as a last resort. We have allowed the following crawlers and IPv4 address ranges to make sure websites behind the challenger can still be indexed:
- applebot
- betteruptimebot
- bingbot
- duckduckbot
- facebookbot
- freshpingbot
- googlebot
- imagekit
- imgix
- marginalia
- mojeekbot
- molliewebhook
- outageowl
- pingdombot
- rssapi
- stripewebhook
- telegrambot
- twitterbot
- uptimerobot
- webpagetestbot
Website or crawler banned?
If the challenger filter blocks your website or crawler we can allow your IP address. You can allow it in Deflect Dashboard under “Additional Protection IP Allowlist”. Or you can submit a ticket to the Deflect team and provide the following information:
- Name of your organization and a brief description of work
- Link or IP address / ranges
If your request is legit we will add your website or crawler to the allowed list.
Banjax Challenger Code
Here’s a link to the code served by Challenger. It should only take a second or two for your computer or smartphone to solve the challenge.