Copilot Studio - Bot Administration
Unanswered

Avoid malicious multiple sessions/conversations opening

Posted on by 12

How can I avoid malicious multiple website PVA sessions/conversations opening from our customers?

  • HenryJammes Profile Picture
    on at
    Re: Avoid malicious multiple sessions/conversations opening

    Sorry, I'm not aware of any available sample for this.

  • Kalampoukas Profile Picture
    12 on at
    Re: Avoid malicious multiple sessions/conversations opening

    Hello @HenryJammes,

    We tried to implement a captcha before loading the PVA web chat but we cannot do this because it's an iframe. Do you have any idea or any documentation on how we can implement it?

    Thank you.

  • Kalampoukas Profile Picture
    12 on at
    Re: Avoid malicious multiple sessions/conversations opening

    We are trying to implement a Google invisible CAPTCHA on our public website before loading the PVA, but it will not solve our concern because we have to find a solution for all the other channels (Facebook, Viber, WhatsApp, etc.), maybe through the PVA. I have already escalated to the MS Product Group and they told me that it will be a top priority.

    I posted here in case there is an alternative solution or you have any other ideas to prevent it.

    Thank you for your reply.

  • HenryJammes Profile Picture
    on at
    Re: Avoid malicious multiple sessions/conversations opening

    @Kalampoukas wrote:

    I want to be proactive for my organization. The main question is how to prevent multiple chatbot sessions from being created, in order to prevent a DoS attack and avoid unwanted billed PVA sessions.

    Investigation:

      • If the attack is made by automation, ask whether there’s any security mechanism that can be implemented (say a CAPTCHA, or similar) to prevent the chatbot sessions from being created.
      • If the concern is related to a human behind the attack, whether it is possible to allow a single session per IP.

    Regarding these two bullets, I am trying to find a solution.


    Hi @Kalampoukas


    For a bot published on a public website, you could add additional logic on the client side to prevent these.

    E.g. implement a captcha before loading the PVA web chat, etc.
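
One way to combine the two ideas raised in this thread (a CAPTCHA before the chat loads, and a single session per IP), as an added example that is not part of the original posts or any Microsoft sample. It assumes a hypothetical server-side endpoint that the website calls before rendering the chat iframe; `createSessionGate`, its options and the reason strings are made-up names, and `captchaVerified` stands for the result of checking the visitor's CAPTCHA response with the provider's server-side verification.

```javascript
// Added example (hypothetical names throughout): decides on the server whether
// a visitor may open a new chat session, before the chat iframe is rendered.
function createSessionGate({ maxActivePerIp = 1, maxNewPerWindow = 3, windowMs = 10 * 60 * 1000 } = {}) {
  const active = new Map(); // ip -> Set of open session ids
  const recent = new Map(); // ip -> timestamps (ms) of recent session starts
  let nextId = 1;

  // captchaVerified: boolean result of the caller's server-side CAPTCHA check.
  function open(ip, captchaVerified, now = Date.now()) {
    // 1. Automation check: refuse before any billable bot session exists.
    if (captchaVerified !== true) {
      return { allowed: false, reason: "captcha_failed" };
    }
    // 2. Single active session per IP (the second bullet in the thread).
    const sessions = active.get(ip) ?? new Set();
    if (sessions.size >= maxActivePerIp) {
      return { allowed: false, reason: "session_already_open" };
    }
    // 3. Sliding window on new sessions, so open/close loops are also capped.
    const starts = (recent.get(ip) ?? []).filter((t) => now - t < windowMs);
    recent.set(ip, starts);
    if (starts.length >= maxNewPerWindow) {
      return { allowed: false, reason: "rate_limited" };
    }
    const sessionId = `s${nextId++}`;
    sessions.add(sessionId);
    starts.push(now);
    active.set(ip, sessions);
    return { allowed: true, sessionId };
  }

  // Call when the conversation ends or times out, to free the IP's slot.
  function close(ip, sessionId) {
    const sessions = active.get(ip);
    if (!sessions) return false;
    const removed = sessions.delete(sessionId);
    if (sessions.size === 0) active.delete(ip);
    return removed;
  }

  return { open, close };
}
```

Per-IP limits also block legitimate users who share one address (corporate NAT, mobile carriers), so the limits need tuning, and this gate covers only the website channel, not Facebook, Viber or WhatsApp.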

  • Kalampoukas Profile Picture
    12 on at
    Re: Avoid malicious multiple sessions/conversations opening

    I want to be proactive for my organization. The main question is how to prevent multiple chatbot sessions from being created, in order to prevent a DoS attack and avoid unwanted billed PVA sessions.

    Investigation:

      • If the attack is made by automation, ask whether there’s any security mechanism that can be implemented (say a CAPTCHA, or similar) to prevent the chatbot sessions from being created.
      • If the concern is related to a human behind the attack, whether it is possible to allow a single session per IP.

    Regarding these two bullets, I am trying to find a solution.

  • peterswimm Profile Picture
    Moderator on at
    Re: Avoid malicious multiple sessions/conversations opening

    Is this a real problem, or one you are trying to mitigate proactively? I know PVA does throttle and block abusive usage of our endpoints, but I would be interested in understanding a little better the types of abuse you are trying to prevent.
