REA Group's moves to stop content scraping and credential stuffing with new tech

December 5, 2019
Share this Post: 

REA Group is an global digital real estate marketing company that runs realestate.com.au, one of Australia's largest real estate listings website, with recorded 4.4 million unique browsers a month.

For Craig Templeton, CISO & GM Group Technology Platforms at REA, dealing with content scrapers, service interruptions, or credential stuffing caused by bad bots at unconventional hours of the night, proved to be an inefficient way of conducting successful business.

REA had huge problems with bots; platform engineers at the group were constantly, and around the clock, dealing with mitigating security incidents and attempting to avoid service disruptions.

Bots flood the bandwidth of websites, rendering them slower or unavailable to legitimate users. After detailed analysis, the engineers at REA observed that their platform was being aggressively targeted by a fake Google bot coming from Germany. It had to be blocked. Craig explains: 

"I went ok, come back to me on that… and after a week they said: can’t you just make it go away? It became evident to us that the walls weren’t the answer to this." 

Perpetrators, including competitors, use DoS attacks to disrupt a website or even take it down. They can dynamically use multiple sources, which make it impossible to stop an attack by blocking a single IP address.

And, for REA group it doesn’t end there, they also discovered that there is a huge number of businesses feeding off their data. "Bot automation in itself is not always bad, but we prefer it to be on our terms," said Craig. "Overall, I would prefer to expose that data in a managed way rather than having someone indiscreetly managing it," he added.

The REA real estate platform has login portals making it vulnerable to credential stuffing. Craig calls this ‘the attack du jour’.

He adds:

"It got to the point that when you are worried about something that is highly automated and dynamic, rules-based security just collapses, and therefore you need to fight automation with automation."

Read more here

Join us February 26-27 for the Property Portal Watch Conference Bangkok 2020.

December 5, 2019

Subscribe to our mailing list to get the famous, free Friday newsletter!

News and analysis to help build better online marketplace businesses, in your inbox, every Friday

Related News

Shutterstock 1454624438
U.S. Portal Operator OJO Labs Acquires The LEAD Syndicate

The U.S. PropTech operator OJO Labs has announced that it has acquired The LEAD Syndicate, a provider of teach solutions...

Read More
Onthemarket Employees
OnTheMarket PR Push Continues with Agent Signups and Roadshow

The UK's number three portal OnTheMarket (OTM) is definitely ramping up its PR in the early months of 2024 with...

Read More
Product Roundup 13March24
Product Roundup: FangDD, Yandex, Redfin, Realtor.com, Keyper, OneDome and MagicBricks

Another week, another big product roundup for portals and proptechs worldwide. Here's what we've spotted...   FangDD shares soar 80%...

Read More
Proptechfundingroundup060324
PropTech Funding Roundup: Cove, FOIP, EasyKnock, GoFlint, Rukita

While the average value of this week's proptech fundraising roundup hovers around the $3M mark, one of today's featured startups...

Read More