Threat settings
Review threat settings to change how Hitprobe responds to the risks it detects. Hitprobe has different block levels depending on the risk:
- Device (blocks device & IP address)
- Network (blocks the network)
- Domain (blocks the domain)
Anonymous visits
When enabled, the device is blocked when the user is found to be browsing anonymously. This includes browsing through a known VPN connection, or where the use of a VPN is inferred using learning data about the shape of traffic or inconsistencies in the person's browsing profile.
This setting creates a device-level block.
Country rules
Choose to either rule countries in (allow them), or rule them out (block them). If a visit comes from a country that is not allowed, the device will be blocked.
Click Manage countries to add or remove listed countries
This setting acts on the IP address country, even where Hitprobe knows the true location of the user. In this case (where IP country is allowed but the user is known to be located elsewhere), the visit would be flagged as anonymous.
This setting creates a device-level block.
Bounced visits
A 'bounced' visit is where a visitor enters and leaves your site within the Threshold (seconds) you set here. Enable this setting if you want to block the device if the visitor bounces. It often indicates an accidental or unintended click.
This category of risk is always assessed a few minutes after a visitor is first seen, allowing enough time to make sure the visitor doesn't return before the visit is flagged as a bounce.
In the rare situation that a session is marked as bounced but the visitor returns later, the duration will be updated. However, to avoid changing past events, it will still show as bounced.
This setting creates a device-level block.
Automated visits
This setting tells Hitprobe to block the device where the browser is known (or inferred) to be automated. That includes being a crawler, a bot, or a 'suspect device'.
A device is suspect where there are inconsistencies between the way the browser reports itself and the properties that the Hitprobe agent was able to confirm. This usually means the browser is headless (a bot) but pretending to be a regular browser.
This setting creates a device-level block.
IP address reputation
Enable this setting to block IP addresses with a poor reputation. IP addresses that are known sources of malicious activity or abuse (such as botnet activity, registration bots, etc.) are considered to be bad IPs.
We use both commercial blocklists, and machine learning to assess the reputation.
This setting creates a device-level block.
IP address rate limits
This setting will create a device-level block and block IP addresses if they are seen too frequently over the past hour, day, or month.
The count is actually calculated over the past period up to the current point in time. For example, the hourly limit calculates the frequency from the start of the previous hour up to the current time.
Daily limit calculates the frequency from the start of yesterday up to the current time today, etc.
This setting creates a device-level block.
Network rate limits
This setting works in a similar way to the IP address rate limits but will block IP networks (i.e. the network rather than the host part of the IP address) if they are seen too frequently over the past hour, day, or month.
This setting creates a network-level block.
Device rate limits
Blocks a device where the device's unique fingerprint is seen too frequently over the past hour, day, or month. Where a fingerprint is the same between 2 sessions it's almost certain that the same physical device is being used.
This setting creates a device-level block.
Networks per device
Hitprobe keeps a real-time count of the number of unique networks that a device is associated with. Generally, a device tends to be associated with only a handful of networks in the context of visits to a single site, i.e. a home ISP, office network, maybe a coffee shop, etc.
If this setting is enabled and the number of networks that a device is seen on exceeds the number set here, the device will be blocked.
This setting creates a device-level block.
Referrer reputation
Enable this setting to block the referrer domain where Hitprobe finds the referrer URL to be poor quality. Poor quality referrers are those that are very new (less than 60 days old), where the referrer URL seems to be broken, or where the domain has very low popularity (very few links to it).
This setting creates a domain-level block.