How can I avoid malicious multiple website PVA sessions/conversations opening from our customers?
Sorry, I'm not aware of any available sample for this.
Hello @HenryJammes,
We tried to implement a captcha before loading the PVA web chat, but we cannot do this because it's an iframe. Do you have any idea, or any documentation, on how we can implement it?
Thank you.
We are trying to implement a Google invisible CAPTCHA on our public website before loading the PVA, but it will not solve our concern because we have to find a solution for all the other channels (Facebook, Viber, WhatsApp, etc.), maybe through the PVA. I have already escalated to the MS Product Group and they said that it will be a top priority.
I posted here in case there is an alternative solution or you have any other ideas to prevent it.
Thank you for your reply.
@Kalampoukas wrote: I want to be proactive for my organization. The main question is how to prevent multiple chatbot sessions from being created, in order to prevent a DoS attack and not have unwanted PVA billed sessions.
Investigation:
- If the attack is made by an automation, ask whether there’s any security mechanism that can be implemented (say a Captcha, or similar) to prevent the chatbot sessions from being created.
- If the concern is related to a human behind the attack, ask whether it is possible to allow a single session per IP.
Regarding these two bullets, I am trying to find a solution.
Hi @Kalampoukas,
For a bot published on a public website, you could add additional logic on the client side to prevent these.
E.g. implement a captcha before loading the PVA web chat, etc.
I want to be proactive for my organization. The main question is how to prevent multiple chatbot sessions from being created, in order to prevent a DoS attack and not have unwanted PVA billed sessions.
Investigation:
Regarding these two bullets, I am trying to find a solution.
Is this a real problem, or one you are trying to mitigate proactively? I know PVA does throttle and block abusive usage of our endpoints, but I would be interested in understanding a little better the types of abuse you are trying to prevent.
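The two ideas raised in this thread, a CAPTCHA check before the web chat loads and a single session per IP, can be combined in a server-side gate that decides whether to send the chat iframe to a visitor at all. The following is an added example, not code from any poster or from Microsoft; `captchaOk` stands for the result of the site's own server-side CAPTCHA verification, and the function names, TTL and limits are illustrative assumptions.

```javascript
// Added example: server-side gate run before the page is given the chat iframe.
// Assumption: captchaOk is the outcome of the site's own server-side CAPTCHA check.
// Limits below are illustrative values, not PVA settings.
const SESSION_TTL_MS = 15 * 60 * 1000; // how long one IP holds its chat session
const WINDOW_MS = 60 * 60 * 1000;      // look-back window for repeated session starts
const MAX_NEW_PER_WINDOW = 5;          // session starts allowed per IP per window

function createSessionGate() {
  const active = new Map(); // ip -> expiry timestamp of the current session
  const starts = new Map(); // ip -> timestamps of recent session starts

  function decide(ip, captchaOk, nowMs) {
    if (!captchaOk) return { allowed: false, reason: "captcha_failed" };

    // Single session per IP: refuse while an unexpired session is recorded.
    const expiry = active.get(ip);
    if (expiry !== undefined && expiry > nowMs) {
      return { allowed: false, reason: "session_active" };
    }

    // Cap open/close cycling, which would otherwise still create many sessions.
    const recent = (starts.get(ip) || []).filter((t) => nowMs - t < WINDOW_MS);
    if (recent.length >= MAX_NEW_PER_WINDOW) {
      starts.set(ip, recent);
      return { allowed: false, reason: "rate_limited" };
    }

    recent.push(nowMs);
    starts.set(ip, recent);
    active.set(ip, nowMs + SESSION_TTL_MS);
    return { allowed: true, reason: "ok" };
  }

  // Call when the visitor closes the chat so the IP is not held for the full TTL.
  function release(ip) { active.delete(ip); }

  return { decide, release };
}

// Constructed sample run (documentation-range IPs, synthetic timestamps).
const gate = createSessionGate();
const sample = [
  gate.decide("203.0.113.7", false, 0),
  gate.decide("203.0.113.7", true, 1000),
  gate.decide("203.0.113.7", true, 2000),
  gate.decide("198.51.100.9", true, 2000),
].map((d) => d.reason);
console.log(sample.join(", "));
```

Visitors behind a shared NAT address share one slot, so the TTL and limits need tuning against real traffic. The gate covers only the website channel, not the other channels mentioned in the thread.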