Bots are software applications built to perform automated functions without the need for human intervention. A large collective group of bots is called a bot farm.
Bot farms can be used for legitimate purposes. Search engines such as Google use bot farms for web indexing and some companies use bot farms for monitoring website performance, for example. However, many bot farms are used for malicious activities.
In the hands of hackers, bot farms pose a very real cybersecurity risk. If you operate any type of e-commerce website, then you need to make sure you are properly informed of the risks they pose to your business.
Key Takeaways
- Bots are automated software applications designed to perform repetitive tasks.
- A large collective group of bots is known as a bot farm.
- Bot farms are used for a range of legitimate uses including web indexing, automated software testing, aggregating data, and monitoring website performance.
- Bot farms are also used by hackers to commit click fraud, spread misinformation, launch DDoS attacks, and generate fake traffic.
Reports estimate that 73% of all internet traffic is from malicious bot farms.
What Is a Bot Farm?
Bots can perform huge amounts of automated functions, such as clicking on website icons or buttons. Bots can even perform highly complex actions that mimic real human actions such as creating comments, sharing content, or making transactions. The functionality of any individual bot depends on how sophisticated its programming is.
A bot farm is an organized network of bots. A bot farm can consist of just a few bots, or it can have millions of bots. The bots are usually hosted on SIM cards or tablets. In most cases, bot farm operators will not have all the bots situated at the same location. The bots will be spread out on various devices across the globe. A machine learning device is used to control the bot farm remotely.
How Do Bot Farms Work?
Setting up a bot farm requires an infrastructure of various IP addresses and proxies. This allows the bot farm operator to hide their location and identity and make it appear as if each bot is a separate individual and not part of a collective controlled by one user.
Bot farms use several devices, usually tablets, smartphones, or laptops, but bots can also be hosted on IoT devices and servers. The complexity of operating a bot farm depends on how big it is and what the bot operator intends to use it for. The bigger a bot farm is, the more efficient it is at completing tasks. Especially large bot farms that perform complex tasks require more devices, more computing power, complicated algorithms, and sophisticated programming.
The three main elements of a bot farm are:
- The bots that perform the tasks.
- A C&C server that is used to issue commands to the bots and gather feedback from them.
- A communication protocol that allows the bots to communicate with the C&C server.
What’s the Difference Between Bot Farms and Click Farms?
A bot farm uses automated software to generate traffic that mimics human activity. A click farm is a collection of actual people who are paid to click on online ads, interact with content, leave comments, like social media posts, or otherwise engage with content.
Malicious Uses of Bot Farms
Bot farms have a wide range of legitimate uses. However, many hackers use bot farms to generate profits by falsely manipulating websites and spreading misinformation.
Social Media Manipulation
Manipulating social media and spreading misinformation is a common use of bot farms. Bots are used to create fake accounts on sites like Facebook or Reddit. The bots can then be used to like certain posts, share content, or follow other accounts. Social media bots are often used for political purposes or by unscrupulous marketing firms to undermine competition. In many cases, companies or organizations will pay to have their posts liked or shared on social media.
To create a bot that can manipulate social media, a bot farm operator needs to create a false persona and write content for the bot to share or post. The bots then engage with targeted users or accounts that will help spread their message. Targeted users are often unaware they are interacting with a bot.
DDoS Attacks
A DDoS attack overwhelms a server with traffic so that it either becomes unresponsive or crashes completely. One of the most famous examples was when the site Dyn suffered a massive bot farm attack that disrupted major websites such as Twitter, Netflix, Reddit, and Airbnb. Over 1.7 million HTTP DDoS attacks, 1.5 million DNS DDoS attacks, and 1.3 million L3/4 DDoS attacks occurred in the first half of 2024.
Ad Fraud
Ad fraud is a popular method that hackers use to generate profits with bot farms. Ad fraud is when a bot farm is deployed to generate clicks on pay-per-click (PPC) advertisements or normal online advertisements. Hackers receive funds from advertisers for each PPC click. Ad fraud can also be used to falsely inflate online activity which distorts customer analysis and can drive up a competitor’s marketing budget.
Ad fraud increases overall marketing costs for businesses and undermines the effectiveness of online advertising campaigns. According to industry experts, losses to ad fraud totaled approximately $84 billion in 2023.
Data Scraping
Bot farms can extract large amounts of information from multiple websites using data scraping. There are legitimate uses for data scraping, such as search engine optimization and price analysis. However, data scraping is also done to steal content, create spam email lists, or conduct identity theft.
Twitch/YouTube Streams
Streamers on sites such as Twitch or YouTube earn money based on the number of people who view their content. Some streamers use bot farms to falsely boost how many views they receive.
Artificially Increasing Website Traffic
A webmaster may pay a hacker to deploy a bot farm to artificially increase the amount of traffic a website receives. The webmaster can then generate profits by charging more for advertising or by selling backlinks.
Examples of Real-Life Bot Farm Cases
There have been several recent examples of bot farms being used for malicious political purposes. Most notably, Chinese and Russian bot farms have been deployed to spread misinformation. In early 2024, Ukrainian authorities broke up a large bot farm in Zhytomyr just outside Kyiv that was being used to send malware and spyware to devices used by Ukrainian troops. Russian bot farms spreading disinformation about the Ukraine war have also been seized by US authorities.
Bot farms aren’t just used for political propaganda. A Chinese bot farm was generating over $600,000 a month collecting rewards in the popular game Counter-Strike 2.
Bot farms are also used to swindle small business owners. Many unsuspecting entrepreneurs are convinced to pay for likes and followers, unaware that they are paying for fake accounts operated by bots, not real human followers.
How to Spot Bot Farm Activity
Detecting bot farm activity is not always easy. There are, however, some signs to look out for.
If you own an e-commerce website, then you should regularly monitor your site for the following:
High Rates of Abandoned Shopping Carts
If your site has high rates of users abandoning their carts, then it may be indicative of bots at work. While bots will fill a cart, they will not complete a sale.
High Clicks, Low Conversions
Another telltale sign that bots are active is if your website is experiencing a spike in user engagement but does not have corresponding conversions.
New and Unfamiliar Sources of Traffic
Has your site suddenly had a high volume of visitors from unfamiliar countries? Are you getting large amounts of visitors from sources outside your targeted audience? This can also indicate bot traffic.
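The three signs above can be checked together per traffic source. The following is an added example, not code from the original post: the session tuples are constructed sample data, and the baseline country set, the function name and every threshold are assumptions to tune against your own analytics.

```python
from collections import defaultdict

# Constructed sample sessions: (country, clicks, added_to_cart, purchased)
SESSIONS = (
    [("US", 6, True, True)] * 12 + [("US", 4, True, False)] * 8
    + [("US", 3, False, False)] * 20
    + [("DE", 5, True, True)] * 5 + [("DE", 2, False, False)] * 10
    + [("XX", 40, True, False)] * 30  # unfamiliar source: carts filled, never bought
)
BASELINE_COUNTRIES = {"US", "DE"}  # assumption: where the shop normally sells

def score_sources(sessions, baseline, min_sessions=10, max_abandon=0.8,
                  min_orders_per_click=0.005, max_new_share=0.10):
    """Return {country: [reasons]} for sources matching the signs above."""
    stats = defaultdict(lambda: {"sessions": 0, "clicks": 0, "carts": 0, "orders": 0})
    for country, clicks, carted, purchased in sessions:
        s = stats[country]
        s["sessions"] += 1
        s["clicks"] += clicks
        s["carts"] += carted      # True counts as 1
        s["orders"] += purchased
    total = len(sessions)
    findings = {}
    for country, s in stats.items():
        if s["sessions"] < min_sessions:
            continue  # too little data to judge this source either way
        reasons = []
        # Sign 1: carts are filled but almost never checked out.
        if s["carts"] and 1 - s["orders"] / s["carts"] > max_abandon:
            reasons.append("cart_abandonment")
        # Sign 2: lots of clicks with no matching conversions.
        if s["clicks"] and s["orders"] / s["clicks"] < min_orders_per_click:
            reasons.append("high_clicks_low_conversions")
        # Sign 3: a source outside the usual audience takes a large traffic share.
        if country not in baseline and s["sessions"] / total > max_new_share:
            reasons.append("unfamiliar_source")
        if reasons:
            findings[country] = reasons
    return findings

if __name__ == "__main__":
    for country, reasons in score_sources(SESSIONS, BASELINE_COUNTRIES).items():
        print(country, ", ".join(reasons))
```

A source that trips all three checks at once is a stronger indication than any single sign, since real campaigns and seasonal traffic can trigger one of them on their own.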
The Negative Impact of Bot Farms
Bot farms can have severe impacts on businesses and society in general. Bot farm attacks damage the ability of a company to attract new customers and maintain the trust of existing customers. Bot farm activity can also result in higher operating and marketing costs. Propaganda and misinformation spread by bots can negatively affect election outcomes and even hinder war efforts.
Unreliable Analytics and Increased Marketing Costs
Bot farms distort the real amount of online traffic and engagement that your site is attracting. Skewed marketing results in incorrect decision-making. Marketers may target their campaigns based on false customer behavior or place ads on platforms that don’t have real rates of engagement.
Wasted Site Resources and Increased Overheads
Operating an e-commerce website that is being overrun by bots can be costly. As hordes of bots devour bandwidth, operating costs increase. Without the corresponding uptick in sales, this can be highly detrimental to a business’s profit margins.
Undesirable Political and Social Impacts
Bot farms can manipulate public opinion, spread misinformation, and disrupt democratic processes. The use of bot farms can create the illusion that a candidate or political group has far more support than is the case. This can influence public opinion and sway voting results. The dissemination of false information and fake news exacerbates social divisions. Trust in democratic institutions and media outlets is diminished.
Erosion of Privacy and Security
The use of bot farms to scrape private data, disseminate personal information, and steal content undermines trust in companies and organizations. As the use of bot farms increases, users are subject to increased risks of cyberattacks.
How to Protect Your Business from Bot Farms
Protecting your business from bot farms requires vigilance and a multifaceted approach to cybersecurity.
DataDome has a false positive rate of less than 0.01% and is used by major companies and organizations across the globe.
*** This is a Security Bloggers Network syndicated blog from DataDome Blog – DataDome authored by DataDome. Read the original post at: https://datadome.co/bot-management-protection/bot-farm/