We Got Our First Bot Activity!


At this point you might be saying, “Teresa, what the heck is a bot?” And to that I say, great question.

A bot, short for “robot”, is a software program that is engineered to automatically perform repetitive, targeted tasks. Some bots are created for business reasons – for example, Google might have search engine bots that index websites for more accurate search results.

Other times bots are created for nefarious purposes.  They can do all kinds of things: infect computers with malware, steal sensitive information, carry out DDoS attacks (more on that in another post), etc.   

So how do we know we had a bot attack, and what are they trying to do?

Another excellent question. 

One giveaway is the weird username and email: tghjojikh…. and [email protected]. This LOOKS like something an automated program would come up with. And it probably is. Adversaries use bots to comb through new WordPress sites (like this one!) to see where they can create a login. But why? What do they want with this little website? Honestly, probably nothing. Remember that a bot is automated, so there’s nothing necessarily intentional about choosing my site. The bot likely tried thousands of sites, and got lucky with some of them.
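Here is that "giveaway" turned into a small triage check you could run over a list of new sign-ups. This is an added example, not code from this site or any WordPress plugin; the thresholds, the placeholder disposable domains and the sample sign-ups are all assumptions made up for illustration.

```python
import re

VOWELS = "aeiou"
# Assumption: placeholder domains standing in for a maintained disposable-email list.
DISPOSABLE_DOMAINS = {"tempmail.example", "throwaway.example"}


def longest_consonant_run(text):
    """Length of the longest run of consecutive consonant letters."""
    runs = re.findall(r"[b-df-hj-np-tv-z]+", text.lower())
    return max((len(run) for run in runs), default=0)


def looks_random(text):
    """Heuristic: 8+ letters with a long consonant run or very few vowels."""
    letters = re.sub(r"[^a-z]", "", text.lower())
    if len(letters) < 8:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return longest_consonant_run(text) >= 5 or vowel_ratio < 0.2


def registration_flags(username, email):
    """Return the reasons a new registration looks automated."""
    local, _, domain = email.lower().rpartition("@")
    flags = []
    if looks_random(username):
        flags.append("random-looking username")
    if looks_random(local):
        flags.append("random-looking email local part")
    if domain in DISPOSABLE_DOMAINS:
        flags.append("disposable email domain")
    return flags


def review_queue(registrations, min_flags=2):
    """Map username -> flags for sign-ups that hit at least min_flags signals."""
    scored = {user: registration_flags(user, email) for user, email in registrations}
    return {user: flags for user, flags in scored.items() if len(flags) >= min_flags}

# Constructed sample sign-ups (not real accounts).
SAMPLE = [
    ("xkqjwhtpzr", "xkqjwhtpzr@tempmail.example"),
    ("gardenfan42", "maria.lopez@mail.example"),
    ("bookworm_jo", "bvnmrtyqw@throwaway.example"),
]

if __name__ == "__main__":
    print(review_queue(SAMPLE))
```

Real words with long consonant clusters can trip a single signal, which is why the queue only lists sign-ups that hit two or more, and why it is a list for a human to review rather than an automatic delete.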

So, if it’s not about the specific website, why do it at all? 

Usually, adversaries are trying to accomplish one of the following: 

Spam/link posting (MOST COMMON)

They create accounts to: 

  • Post spam links
  • Add links to profiles
  • Drop comments with malicious URLs

Goal: To drive traffic or boost SEO for shady sites

Credential Stuffing / Account Reuse

Credential Stuffing means they create accounts using known email/password combinations and see if the site accepts them. 

Goal: Find weak systems 

Build Email Lists

Register with real or semi-real emails (semi-real emails are often temporary or disposable)

Goal: Harvest or validate email systems

Probe Security

Bots test registration forms, login endpoints and API routes

Goal: Find vulnerabilities for later attacks

Future Abuse (if left unchecked)

If accounts stay active (and if the right controls are not in place), they could post content, message users, and attempt privilege escalation (trying to make themselves an admin)

So should we be concerned? 

Probably not.  This is pretty normal background noise of the internet.  And thanks to the security features this website already has in place, I was alerted to our new bot user, the user was deleted, and we are back to where we started.  


Pretty cool, though, huh?

Did you learn anything new about bots? Drop us a comment below and let us know! 
