Interencheres.com Manages Bot Traffic With DataDome & Amazon CloudFront
The site centralizes advertisements from all its members: 265 auction houses and auctioneers from all over France. It’s the country’s leading auction site; every month, a million unique visitors are vying for some 200,000 lots or objects.
Interencheres.com supplies all professional members with software that enables them to upload their advertisements and photos themselves. The members manage their auctions independently, and maintain full responsibility for their ads.
Since 2011, members can also choose to stream their auctions on interencheres-live.com. This sister site enables remote buyers to participate to auctions in real time, with sound and video, and to bid as if they were present. Interencheres-live.com also offers a service for secret purchase order deposits, which are executed automatically.
The Problem: Form spam & unpredictable traffic spikes.
A while ago, the team in charge of managing the site discovered that unknown operators were trying to exploit the site’s vulnerabilities.
“The forms were leaky on our previous site,” says Olivier Dupuis, CTO of Interencheres.com.
“In particular, the bots were targeting a form where users can request pricing estimates for objects, and they generated up to 15,000 emails per day. Legitimate requests were drowned in the deluge of spam, and the email volume wasn’t manageable for the auction houses that received them.”
In addition, scraper bots (attracted by auction lot descriptions) were causing irregular and unpredictable traffic spikes. These peaks resulted in poorer site performance and often triggered on-call incidents, but the staff on call lacked the tools to manage automated traffic in real time and often couldn’t identify the source of the problem in order to fix it.
Olivier Dupuis and his team initially set out to manually filter and block hostile IP addresses, but quickly realized that it wasn’t a sustainable solution. “It was too energy-consuming,” he admits.
The Solution: DataDome & Amazon CloudFront measure & identify all automated traffic, block form spam, & control access to the website.
Olivier Dupuis started to look for a dedicated bot management solution, with two very specific technical requirements in mind: He wanted the selected solution to work with minimal intrusion on the platform, and it had to be integrated into the AWS environment.
Interencheres.com took advantage of the AWS Marketplace, which integrates the administrative and financial management of the DataDome subscription with that of the AWS account. Indeed, DataDome was one of the first French companies to make our solution available via the SaaS offer managed directly by AWS.
“The other great benefit of going through the AWS Marketplace is that we only pay for what we use,” notes Mr. Depuis.
The team also used an advanced Amazon CloudFront feature, Lambda@edge, which simplifies deployment of the DataDome protection to the extreme.
“If you don’t know CloudFront or Lambda well, it might take you a little longer, but if you’re familiar with the Amazon environment, it’s basically a cut-and-paste coding job,” says Dupuis, who estimates having spent no more than an hour and a half to install DataDome in pre-production.
After this successful experience, he now aims to switch to a “full Lambda” API in order to go serverless and reduce the team’s system administration workload.
The Results: Protected forms, regulated & controlled traffic.
Since the DataDome protection was activated, Interencheres’ members no longer receive bot-generated spam emails, and the site’s traffic comes from welcome visitors—including, perhaps surprisingly, some scraper bots.
“We knew that certain portals were scraping our content, but they included links to Interencheres.com and therefore brought us traffic. Even though the DataDome solution blocks all scrapers by default, the dashboard makes it easy to unlock access for the sites we want to keep in our ecosystem,” explains Mr. Dupuis.
Finally, blocking unwanted bots helps control and regulate traffic and reduce server load, so that the DataDome solution partly pays for itself.
“Now, when I have traffic peaks, it’s structural fluctuations that aren’t due to malicious activity. I’m managing my real server load,” says Mr. Dupuis. “And my team is happy that the bots are no longer triggering on-call incidents in the middle of the night!”