Skip to main content

Notifications

Announcements

No record found.

Power Platform Community / Forums / Bot Administration / Avoid malicious multip...
Bot Administration
Unanswered

Avoid malicious multiple sessions/conversations opening

Posted on by 12

How can I avoid malicious multiple website PVA sessions/conversations opening from our customers?

Categories:
  • HenryJammes Profile Picture
    HenryJammes on at
    Re: Avoid malicious multiple sessions/conversations opening

    Sorry, I'm not aware of any available sample for this.

  • Kalampoukas Profile Picture
    Kalampoukas 12 on at
    Re: Avoid malicious multiple sessions/conversations opening

    Hello @HenryJammes,

     

    We tried to implement a captcha before loading the PVA web chat but we cannot do this cause its an iframe. Do you have any idea or any documentation how can we implement it?

     

    Thank you.

  • Kalampoukas Profile Picture
    Kalampoukas 12 on at
    Re: Avoid malicious multiple sessions/conversations opening

    We are trying to implement a google invisible Captcha on our public website before loading the PVA but it will not solve our concern because we have to final a solution for all the other channels (Facebook, Viber, Whatsapp etc) maybe through the PVA. I have already escalated to MS Product Group and they told that it will be as a top priority.

     

    I posted here, if there is an alternative solution or if you have any other ideas to prevent it.

     

    Thank you for your reply.

  • HenryJammes Profile Picture
    HenryJammes on at
    Re: Avoid malicious multiple sessions/conversations opening

    @Kalampoukas wrote:

    I want to be proactively for my organization. The main question is how to prevent multiple chatbot sessions created to prevent DOS attack and not have unwanted PVA billed sessions.

     

    Investigation:

      • If the attack is made by an automation, ask of whether there’s any security mechanism that can be implemented (say a Captcha, or similar) to prevent the chatbot sessions from being created.
      • If there is the concern is related with a human behind the attack, whether it is possible to allow a single session per IP

    Regarding these two bullets, I am trying to find a solution.


    Hi @Kalampoukas


    For a bot published on a public website, you could add additional logic on the client side to prevent these.

    E.g. implement a captcha before loading the PVA web chat, etc.

  • Kalampoukas Profile Picture
    Kalampoukas 12 on at
    Re: Avoid malicious multiple sessions/conversations opening

    I want to be proactively for my organization. The main question is how to prevent multiple chatbot sessions created to prevent DOS attack and not have unwanted PVA billed sessions.

     

    Investigation:

      • If the attack is made by an automation, ask of whether there’s any security mechanism that can be implemented (say a Captcha, or similar) to prevent the chatbot sessions from being created.
      • If there is the concern is related with a human behind the attack, whether it is possible to allow a single session per IP

    Regarding these two bullets, I am trying to find a solution.

  • peterswimm Profile Picture
    peterswimm on at
    Re: Avoid malicious multiple sessions/conversations opening

    Is this a real problem, or one you are trying to mitigate proactively? I know PVA does throttle and block abusive usage of our endpoints, but would be interested in understanding better a little of the types of abuse you are trying to prevent.

Helpful resources

Quick Links

Exciting News for Copilot Studio Communi…

Get ready to experience a whole new level of engagement with the Copilot Studio…

Celebrating the May Super User of the…

LaurensM is an exceptional contributor to the Power Platform Community…

Check out the Copilot Studio Cookbook…

We are excited to announce our new Copilot Cookbook Gallery in the Community…

Leaderboard

#1
renatoromao Profile Picture

renatoromao 6,459

#2
Pstork1 Profile Picture

Pstork1 1,954

#3
Expiscornovus Profile Picture

Expiscornovus 1,648

Featured topics