Robot Attack! Repelling Bots, DDOS, and other Fiends


Long ago, in the misty annals of the early Internet, by simply placing a well-formed robots.txt file at the root of a website directory, you could ban unwanted indexing bots from crawling through a few dozen hand-stitched pages and consuming an entire month’s outgoing bandwidth allowance. The only DDOS was getting “Slashdotted”, and having that happen to your website was a big honor. Nowadays, however, our concerns are much more diverse in scope, and far riskier by nature. From email harvesting operations and spam generation factories, to denial-of-service and malware breeding farms, these zombie-staffed distributed botnets are spewing enormous rivers of malicious garbage upon our once pristine, networked shores. Meanwhile, the stakes are only getting higher, as all the top brands and levels of government alike begin to heavily rely on the wholesome appearance and reliable service of their websites to be intimately connected with consumers online.

How might besieged web operators repel the gross onslaught of spam traffic, DDOS attacks, and other malicious behavior promulgated through our nets? In this session, Suzanne Aldrich of Pantheon and Martijn Gonlag of Cloudflare will reconnoiter the Internet robot armies, and disemminate effective strategies for website fortification:

  • Diagnosing bot traffic spikes with logs and analytics
  • Best practices for obscuring emails and using nofollow links
  • Standard spam evasion methods and why they’re mostly flawed
  • Strengths and pitfalls of using external spam filtering services
  • CDNs, caching, and other performance optimization techniques for withstanding high traffic volume
  • Anti-DDOS and WAF protection

After this session you’ll be armed with all the knowledge needed to defend any Drupal 7 or 8 site from a bot assault, and live to tell the tale.

Session Track


Experience Level


Drupal Version