How bot detection works - a diagram
Detecting a bot is not a piece of cake - knowing that a false positive can lead to an unhappy human visitor, who may leave your website.
As you can see in the attached diagram, modern methods of Bot detection rely both on traces which can be found on site's access (HTTP/S) log file and JavaScript-related features which can be checked only if the client's browser does support JavaScript (lack of JavaScript is a strong indication that we're dealing with a bot).
JavaScript checks can go a long way, even detecting input/output devices and checking mouse/keyboard activity.
'Does IP belong to a Datacenter' - this check requires maintaining a database of such IPs - and usually obtained by external vendors.
If you think bot detection can be of use to you or you're simply interested in the topic, feel free to check out BotMeNot!
Also, feel free to ask any questions!
I Spent 2 Years Building a SaaS. Then I Pivoted to Selling Spreadsheets.
I’m not failing, but I’m not breaking out either. So I’m changing how I work!