Devex Addresses Fake Account Attacks With Help From DataDome

Devex is a social enterprise and media platform that connects and informs more than a million development, health, humanitarian, and sustainability professionals. Bots were creating fake accounts on the Devex website, which skewed analytics and distracted multiple teams from their core activities. By handing off bot mitigation to DataDome, Devex has freed up time and regained productivity. Now, their internal account metrics are reliable again.

The Problem: Attackers Used Bots to Create Fake Accounts

“When all of a sudden, our internal metrics for account creation went through the roof, we were really pleased. But after looking at our data from different angles, we had to conclude that it was most likely a bot attack, someone using a script,” says Daniel Sager, Staff Engineer at Devex.

Although customer data on the Devex platform was never exposed or at risk in any way, the fake accounts were problematic for the Devex team and business.

“It was distracting,” Daniel recalls. “It affected many people inside our organization, not just the engineering and product teams, but also our business analysts and people relying on internal metrics. We had to figure out how to exclude the fake accounts from our internal metrics, batch block users, and clean up our data, while at the same time trying to roll out new features to mitigate the attack. It caused a lot of different downstream, small problems, and took our focus away from what we should be doing.”

So, what is the best way to stop or prevent fake account creation and bot attacks? Trying to stop the attack, the engineering team experimented with various measures such as honeypot fields and CAPTCHA. The experimental measures might work for a day or two, but the bots would come back with a new approach and bypass the protection every time.

The Solution: Automated Protection

After trying for a few weeks to find an efficient fix, Daniel and his team concluded that their efforts weren’t working. They needed to look for a broader-scale, commercial solution.

“We didn’t know exactly what we were looking for, but we were hoping to find a tool that could shield us without creating more work for us; something we could integrate and then leave alone so we could focus on tasks that create direct business value,” says Daniel, who then researched an industry dedicated to bot mitigation.

For lean engineering teams, ease of integration is crucial. That’s why DataDome’s wide range of server-side and client-side modules optimized for every type of web architecture appealed to Daniel and his team.

“The setup was really straightforward, and it worked right out of the box,” Daniel confirms. “It was mainly just downloading the plugin, adjusting our NGINX config to make sure it was deployed on the web server, and then a bit of fine-tuning here and there to allow for our own automated activities and a few third-party web hooks. Overall, the implementation required very little effort from our side.”

The Results: Regained Productivity, Reliable Internal Metrics

“We have no automated account creations anymore, and we can trust our internal metrics again. We’re really happy with the solution.”

The DataDome dashboard also revealed other types of attacks beyond fake account creation, such as web scrapers, which hadn’t been much on Devex’s radar. “I was a bit surprised by other things we’re catching,” Daniel comments.

Most of all, Daniel and his colleagues appreciate that DataDome’s solution does its job in the background and requires no maintenance. Aside from a bi-monthly call with the customer success team to go over high-level topics, there’s very little work involved.

“Our whole team was focused on this type of attack,” Daniel comments. “It was just a distraction. Now, we don’t have to deal with it anymore, and we can have faith in our internal metrics. DataDome has provided the peace of mind we were hoping for.”