Restaurantsupply.com realized that their website was not performing optimally. Hosted on a Magento 2 Enterprise clustered environment which was properly sized, the site’s speed was not in alignment with industry standards.  Latency in their customer navigation experience was contributing to lowered conversion rates. With a website hosting more than 150,000 SKUs within a fiercely competitive marketplace, they knew that they needed to take action.

The JetRails engineers initiated an investigation looking for causes to the sites slower speed.  They uncovered a significant influx of malicious bots jumping from page to page. Bot behavior is specific and follows a systematic navigation pattern, unlike normal site visitors who follow a more scattered “surfing” navigation pattern.

These bots had a primary objective – they were collecting cost intelligence as a means to gain an advantage and undercut pricing. This is a common malicious tactic which generates a large volume of traffic against a target. This influx of bot traffic was causing load on the site and thereby hindering speed. We analyzed the access logs and uncovered that the bots were gaining direct entry into the server through port 80 and 443, generally a gateway for web communications.

JetRail’s engineering team took ownership of the digital asset securing all pathways and blocking off the ports that were allowing malicious traffic to enter the platform.  A Least Privilege Policy was implemented as part of a best practices protocol. This is an important step in ensuring the protection of data and functionality from malicious behavior. The principle requires a user to maintain only those privileges which are essential for them to adequately perform their specific function.

A Content Delivery Network (CDN) was deployed to act as a protective Web Application Firewall (WAF) with all traffic being proactively filtered through it. The WAF is also capable of mitigating threats to sites that do not have properly installed Magento Security Patches.

However, there are some vulnerabilities that even a WAF cannot deter, and Magento Security Patches should be installed properly at all times to minimize your site’s vulnerabilities. A best practices protocol was established to notify their development team of Magento Security Patch releases.

Through the access logs, we identified the bots as having associated IP addresses from China and certain  European countries. The company’s clientele is exclusively US-based, which exposed the geographic location of the malicious bot traffic. We created a GEOBlocking protocol to obstruct all traffic from outside of the United States. Furthermore, we implemented an advanced proactive monitoring system, managing the website up to the first line of code.