𝛑
𝛑
Posts List
  1. Intro
  2. Starting with JavaScript AntiDebug
  3. Design and Verification
  4. User Behavior Analysis
  5. Other
  6. References

Anti-Spam (Registration / Login / KYC)

Intro

As mentioned in the previous post, we can use BanIP and rate limiting, and of course API gateways can help with throttling too. But that’s not what this post is about. What I want to talk about here is how to implement common yet not-so-easy-to-break defenses at the code level — to actually stop bot abuse and cheating. Let’s think through a few more angles and see how to do this better.

Starting with JavaScript AntiDebug

Generally speaking, there are a few techniques:

  • Abnormal environment detection (we only want our code running in a real browser)
  • Devtools detection
  • Code integrity checks
  • Data flow integrity checks
  • Anti-emulation

I happened to be researching anti-debugging techniques a couple days ago and translated a post on it — details here

Design and Verification

image

POC validation (ignore the field names…). Of course the prerequisite is that the frontend also has solid anti-debugging and encryption in place.

image

image

Even after integrating both frontend and backend, you still can’t completely block attacks — given enough time, an attacker can probably still break through. So how do you detect script cheating in later stages? That’s where user behavior analysis comes in.

User Behavior Analysis

Simple mouse movement tracking, combined with event logging — clicks, focus on input fields, typing, etc. — serialize all of that and run classification on it. Right now I’m collecting user behavior logs in the test environment, shipping them to S3 for later analysis.

Fields being tracked:

  • Mouse trajectory
  • Click events
  • Input events: duration
  • Post-login behavior

Here’s a simple snippet for recording coordinate trajectory:


document.onmousemove = function(e){
var pageCoords = "( " + e.pageX + ", " + e.pageY + " )";
console.log(pageCoords);
};

A slicker approach:


monitorEvents(document.body); // logs all events on the body

monitorEvents(document.body, 'mouse'); // logs mouse events on the body

monitorEvents(document.body.querySelectorAll('input')); // lo

Other

  • Collect behavior logs and use them for analysis
  • Deep dive into JavaScript encryption and obfuscation

References

ele mentioned a really nice trick during an interview: record the timestamps of keystrokes. The data volume I was originally collecting was getting a bit large.