
Enable and configure content protection settings to restrict scraping.

Web scraping is increasingly used to extract a website's content and data, often through automated bots and crawlers. For instance, competitors may target your site this way to retrieve content for various reasons. To discourage scraping of your Customer Self Service eCommerce Platform site, you can enable the Honeypot setting. This helps detect suspicious IP addresses and temporarily restricts them from accessing your site. Administrators can view the list of restricted IP addresses and remove them if needed. A suspicious activity report can be set up and automatically emailed to specific recipients to enhance monitoring.

How it works

IP addresses are flagged as suspicious when they access a special trap route on your site. This route to a 'hidden' page will not be accessed through usual browsing or by legitimate purchasing customers/website visitors.         

Step-by-step guide

To enable and configure the setting,

...

Tip

This page should be edited to resemble other pages on your site. 

...

View restricted IP addresses list

All IP addresses that are restricted currently or were restricted in the past are listed in the Restricted IP Maintenance section of the Honeypot Settings screen. They remain in this list even after the restriction expires, unless manually deleted.


To delete an IP address, tick its Delete checkbox, then Save or Save & Exit.
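
The trap-route flagging and the restricted list described above, as an added Python example that is not Commerce Vision's code. The trap path, the one-hour restriction period and the log format are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

TRAP_PATH = "/special-offers-archive"   # hypothetical trap route
RESTRICT_FOR = timedelta(hours=1)       # assumed restriction period

# Constructed access-log sample: "timestamp ip method path"
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 GET /products/widget
2024-05-01T10:00:02 198.51.100.23 GET /special-offers-archive
2024-05-01T10:00:03 198.51.100.23 GET /products/widget
2024-05-01T10:30:00 203.0.113.7 GET /cart
2024-05-01T11:30:00 198.51.100.23 GET /products/gadget
"""


class RestrictedIpList:
    """Entries expire, but stay listed until an administrator deletes them."""

    def __init__(self):
        self.entries = {}  # ip -> expiry datetime

    def restrict(self, ip, now):
        self.entries[ip] = now + RESTRICT_FOR

    def is_blocked(self, ip, now):
        expiry = self.entries.get(ip)
        return expiry is not None and now < expiry

    def delete(self, ip):
        self.entries.pop(ip, None)


def replay(log_text, restricted):
    """Replay log lines and return (ip, path, outcome) for each request."""
    results = []
    for line in log_text.splitlines():
        stamp, ip, _method, path = line.split()
        now = datetime.fromisoformat(stamp)
        if restricted.is_blocked(ip, now):
            outcome = "blocked"          # restriction still active
        elif path == TRAP_PATH:
            restricted.restrict(ip, now)  # only the trap route flags an IP
            outcome = "flagged"
        else:
            outcome = "allowed"
        results.append((ip, path, outcome))
    return results
```
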

Send suspicious activity report

Info

Implementing this function requires consultation with Commerce Vision. 

A scheduled task can be set up so that a suspicious activity report (CSV file) is emailed to specific recipients at regular intervals. The report will contain the following information:

  • cases where the number of requests per time period for a given User is unexpectedly over a threshold,
  • an unexpected number of total requests for a set time period,
  • and other custom data that can be queried.

...

the monitoring and restricting of requests to site from unique IP addresses.


Info

This feature must be switched on for your website by Commerce Vision. 


This feature helps to make sure you have real human customers and not bots visiting and browsing your ecommerce store based on their activity in a session. A session is created when a user first comes to your site. Their IP address is logged.   


When enabled, you can set up monitoring and restricting of incoming concurrent requests made by a unique IP address in a session. Monitoring is done by setting session maximum limits (threshold values) of:

  • page views, and/or
  • dynamic service requests.


When a maximum threshold value is reached, your site can be set to:

  • deny new requests right away by showing a '503 server busy' error
  • redirect them to a challenge page (a page with Google Captcha on it) they have to pass successfully. (NOTE - If using this option, the page must be created first.) Failure to pass this challenge will result in denial of new requests.


When a unique IP address is restricted, it is logged. This data can be collected and viewed. You can also add specific IP addresses to a whitelist so they are excluded from being monitored and restricted.


Configure Settings

  1. In the CMS, go to Settings → Settings → Feature Management → System → Request Monitoring and Restriction.

  2. When Enable Request Monitoring and Restriction is enabled, click Configure. (If Configure is not displayed, contact Commerce Vision to switch on this feature.)
     
  3. In Request Monitoring Dynamic Service Count Threshold, enter the threshold value for dynamic service request numbers before monitoring the IP address. Default: 0 (off)

  4. In Request Monitoring Page View Count Threshold, enter the threshold value for number of page views before monitoring the IP address. Default: 0 (off)

  5. In Total Request Initiate Challenge Threshold, enter the total number of requests by unique IP addresses before the challenge is initiated. The challenge is a page with captcha, which the user has to pass. 

  6. In Total Request Terminate Challenge Threshold, enter the number of failed attempts at the Captcha challenge the user can have. Default: 0 (off)
     
  7. In Total Request Deny New Session Threshold, enter the threshold value above which the '503 - server too busy' page is shown.
     
  8. In Request Monitoring Excluded IP Address, enter one or more whitelist IP addresses that can exceed the threshold values set for monitoring. E.g., you might have testing or development IP addresses you want to exclude.

  9. In Challenge Page Content Before (if using Challenge), enter the HTML code for the page together with the Captcha challenge displayed after the challenge threshold is reached.

  10. In Challenge Page Content After (if using Challenge), enter the HTML code for the page together with the Captcha challenge displayed after the challenge threshold is reached.
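
A sketch of how the thresholds configured above could combine into a per-IP decision, added here as an example and not Commerce Vision's code. The field names mirror the setting labels on this page; the order in which the thresholds are evaluated, the class names and the sample IP addresses are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Settings:
    # Named after the settings on this page; 0 means the check is off.
    page_view_threshold: int = 0
    dynamic_service_threshold: int = 0
    initiate_challenge_threshold: int = 0
    terminate_challenge_threshold: int = 0
    deny_new_session_threshold: int = 0
    excluded_ips: frozenset = frozenset()


@dataclass
class Session:
    page_views: int = 0
    service_calls: int = 0
    failed_challenges: int = 0
    passed_challenge: bool = False


class RequestMonitor:
    def __init__(self, settings):
        self.s = settings
        self.sessions = {}        # ip -> Session
        self.restricted_log = []  # (ip, action) for every restricted request

    def challenge_result(self, ip, passed):
        sess = self.sessions.setdefault(ip, Session())
        if passed:
            sess.passed_challenge = True
        else:
            sess.failed_challenges += 1

    def handle(self, ip, kind):
        """kind is 'page' or 'service'; returns allow, challenge or deny_503."""
        s = self.s
        if ip in s.excluded_ips:  # whitelisted IPs are never monitored
            return "allow"
        sess = self.sessions.setdefault(ip, Session())
        if kind == "page":
            sess.page_views += 1
        else:
            sess.service_calls += 1
        total = sess.page_views + sess.service_calls
        monitored = (
            (s.page_view_threshold and sess.page_views >= s.page_view_threshold)
            or (s.dynamic_service_threshold
                and sess.service_calls >= s.dynamic_service_threshold))
        action = "allow"
        if monitored:
            if s.deny_new_session_threshold and total > s.deny_new_session_threshold:
                action = "deny_503"
            elif (s.terminate_challenge_threshold
                  and sess.failed_challenges >= s.terminate_challenge_threshold):
                action = "deny_503"
            elif (s.initiate_challenge_threshold and not sess.passed_challenge
                  and total >= s.initiate_challenge_threshold):
                action = "challenge"
        if action != "allow":
            self.restricted_log.append((ip, action))
        return action
```
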
