Help Center/ Edge Security/ Best Practices/ Traffic Fraud Prevention Policy/ Overview
Updated on 2025-09-15 GMT+08:00
View PDF
Share

Overview

Traffic Fraud/Bandwidth Abuse refers to the illegal occupation of network resources, such as bandwidth, traffic, and server resources, through malicious methods. For example, attackers may use automated tools to frequently access site resources, forcing enterprises to incur costs for abnormal traffic or causing service disruptions. The core purpose is to consume target resources through a large number of invalid or malicious requests, causing economic losses or service interruption.

Common Forms of Traffic Fraud

  • Malicious traffic attacks
    • Challenge Collapsar (CC) attacks: Attackers send frequent requests to specific URLs or interfaces (such as login pages and APIs) to exhaust server resources or bandwidth.
    • Download fraud/volume fraud: Attackers use automated scripts or "traffic farms" to download a large number of files (such as videos and software packages), consuming CDN traffic or storage resources.
  • Content theft
    • Resource link theft: Attackers embed website resource (such as images and videos) links into third-party sites to directly consume the bandwidth and traffic of the original site.
    • Crawler abuse: Attackers use malicious crawlers to frequently crawl website content, such as product information and databases, leading to significant increases in server load.
  • Ad fraud
    • Fake clicks: Attackers simulate users to click ads (such as CPC ads) to consume the advertiser's budget and make profits.
    • Traffic hijacking: Attackers tamper with the user access path and direct normal traffic to pages controlled by attackers.

Differences Between Traffic Fraud and DDoS Attacks

Table 1 Differences between traffic fraud and DDoS attacks

Feature

Traffic Fraud

DDoS Attack

Purpose

Consume resources for profit or make profits indirectly.

The service breaks down.

Methods

High-frequency requests, resource theft, and fake traffic

Massive traffic floods the target server or network.

Billing

High bills (such as CDN traffic fees)

Services are interrupted, but the traffic consumption may be low.

Concealment

More covert, potentially disguised as typical user behavior.

Obvious attack features (such as burst volume traffic)

The following security policies are provided to mitigate the impact of traffic fraud.

  • Risk perceiving
  • Rate limiting
  • Analysis and locating
  • Intelligent defense