Blog , 19 Jul 2016

Good Bots vs. Bad Bots: What’s The Difference?

Tobias Knecht,

Founder and CEO, Abusix

Bots are the worker bees of the internet.

Whether posting as customer service agents for business websites or scraping data from websites for improved search engine optimization, bots are hard at work helping build a better internet. For better or worse, these snippets of code have revolutionized the internet by automating many tasks that would be too tedious, time-consuming, or expensive to perform by human agents.

See also: How SpamExperts Can Improve Your Abuse-Handling Process

In their most basic form, bots are simply software agents designed to perform an automated task on the internet. And this of course is as interesting and valuable for the bad guys as it is for legit businesses and services.

Good Bots

The ‘good’ bots are an essential part of the internet. In fact, approximately 36 percent of all web traffic in 2015 was generated by good bots. At least 18 percent of all web traffic in 2015 was attributed to ‘bad’ bots, or bots created especially to harm sites, steal data, or perform other malicious acts.

Since we are mostly fine with what the ‘good’ bots are doing, let’s take a deeper look at the ‘bad’ bots.

Bad Bots

Bad bots are bots that perform malicious acts, steal data, or damage sites or networks through such things as distributed denial of service (DDoS) attacks, which means simply flooding the site with far more data requests than it can handle. Bad bots are also often used to scan servers, computers, or networks to find exploits, that can be used to compromise those.

Bad bots are mostly organized in botnets. These botnets are controlled by so-called C&Cs (Command & Control Servers). This centralization on a few C&Cs made botnets very vulnerable for Take-Downs. Make sure the C&Cs goes offline and the botnet will be not actionable anymore. This concept is changing slowly to botnets communicating via P2P, which will make it even harder to detect and will also make some existing security solutions obsolete.

See also: 14 Best Practices for Adequately Protecting Your Network

The classic differentiation in Hacker Bots, Spam Bots, and all the others has as well changed over the last years. Today compromised hosts that function as bots are multifunctional. They can steal information from the compromised computer while hosting a phishing site, participating in a DDoS attack, and usually start spamming or harvesting email addresses from websites at the end of their lifecycle.

Two steps for more security

Now that you have a slight idea what bots are, the next question you should ask yourself is this: “How can I protect my business from bad bots or other malicious attacks?”

1. The first step is to find a comprehensive solution that can provide the protection that your business needs to protect your critical systems from both external and internal security threats.

2. The second step is to make sure that you have a plan on what to do when your security was not strong enough and systems have been compromised.

This is exactly where products like AbuseHQ can help.

Contact us today for a demo of AbuseHQ, our revolutionary network abuse detection and containment system that can stop threats cold in their tracks, while freeing your abuse desk team for other projects.

Linkedin Icon Twitter Icon Facebook Icon E-mal Icon
Two computer monitors showing AbuseHQ

Arrange a trial for AbuseHQ

Do you want to know what AbuseHQ can do for your organization? Get in touch, we'll let you know!

Talk to us
Get in touch

Talk to us

Do you want to know more about our products and services? Get in touch, we are always happy to answer any questions you may have.

The quickest way to get in touch with the team is via our online chat feature at the bottom right of this page.

Alternatively, feel free to email us at or send us a message via our form.