Dashboard Overview

Monitor your bot protection in real time

Latest News
All →
Total Requests
0
Total Threats
0
Last 7 days
Blocked
0
Challenged
0
Last 7 days
Threats Detected
Last 7 days
Blocked
Total
Daily Attacks
Last 7 days details
Blocked
Challenged
Allowed
Attack Types
Distribution
Total
0
News & Announcements
Click any topic to read
Frequently Asked Questions
Click a question to see the answer
Quick Integration

Add this script tag to your website's <head> section to enable bot protection:

<script src="http://localhost:8080/protect.js?key=YOUR_API_KEY"></script>
Step 1

Copy the code above

Step 2

Paste in your <head> tag

Step 3

You're protected!

Active
Protected
Protection Status
0
Requests Today
0
Blocked Today
0%
Success Rate
Additional Detection Settings
VPN / Datacenter Challenge
Show "I'm not a robot" to VPN and server IPs
Web Application Firewall (WAF)
Block SQL injection, XSS, path traversal, and scanner attacks
Filters
Последние 7 дней
Last 24 Hours
Last 7 Days
Last 30 Days
Last 90 Days
Все типы
All Types
Rate Limit
Suspicious UA
Behavioral
Fingerprint Spoofing
Honeypot
IP Reputation
Bot
WAF
ML Model
Custom Rule
Все страны
All Countries
All Keys
All Keys
Statistics
Last 7 days
Total Attacks
0
Blocked
0
Challenged
0
Allowed
0
Detection Rate
This week
0
%
of threats detected & blocked
Efficiency 0%
Unique IPs
0
+ 0 today
Attack Trends
Recent Activity
Attack blocked from 192.168.1.1
Just now
CAPTCHA challenge issued
2 minutes ago
Rate limit updated
5 minutes ago
Bot detected: Headless browser
10 minutes ago
New rule applied to US region
15 minutes ago
🌍 Attack Map - Global Distribution

Detailed Analytics

Time Series Data

Attack Types Distribution

Decision Distribution

🌍 Geographic Distribution

Hourly Attack Patterns

Blocked / Suspicious / Allowed — Daily

Risk Score Distribution

Top Attacking IPs

# IP Country Attacks %
Loading...

Top User Agents

User Agent Risk Attacks
Loading...

Top Detection Signals

What triggered each block/challenge
Loading...

Repeat Offenders

IP Country Attacks Last Seen
Loading...

New vs Returning Attackers

Top Cities

Traffic by API Key

Key Name Total Blocked Challenged Allowed Block % Last Seen
Loading...

Attack Log

7 дней
24 часа
7 дней
30 дней
Loading...
Machine Learning Training
Label your traffic sessions to train a custom bot detection model. You need at least 100 labeled sessions to start training.
Labeled Sessions
0
100 needed to train
Training Status
Idle
0% complete
Active Model
None
No model deployed
Unlabeled Sessions
0
Waiting for labels

Training History

Loading history...

Trained Models

Loading models...

Label Sessions

Loading sessions...
Security Notice
Keep your API keys secure. Never expose them in client-side code or public repositories. Treat them like passwords.

Your API Keys

Manage authentication keys for your applications

Loading API keys...

How to Use API Keys

Query Parameter
?key=YOUR_API_KEY
HTTP Header
X-API-Key: YOUR_API_KEY
API Endpoint
/api/protect/check
Example cURL Request
curl -X POST http://localhost:8080/api/protect/check?key=YOUR_API_KEY \ -H "Content-Type: application/json" \ -d '{"user_agent": "Mozilla/5.0", "ip_address": "8.8.8.8"}'

Rule Types

IP Block

Block specific IP addresses or CIDR ranges (e.g., 192.168.1.0/24)

User-Agent Block

Block requests with specific user agent strings or patterns

Geo Block

Block traffic from specific countries using ISO codes (e.g., CN, RU)

ASN / ISP Block

Block traffic from specific hosting providers or ISPs by name (e.g., DigitalOcean, Hetzner)

URL Path Block

Block requests to specific URL paths or patterns (e.g., /admin, .php)

Referer Block

Block requests from specific referring domains (e.g., spam-site.com)

HTTP Header Block

Block by arbitrary HTTP header value (format: Header-Name:value)

Custom Rate Limit

Trigger action when an IP exceeds N requests in a time window (e.g., 10/60)

Rule Actions

Block

Show block page. Request is rejected and logged.

Challenge

Show proof-of-work JS challenge. Humans pass, bots fail.

CAPTCHA

Show CAPTCHA widget using your configured provider.

Allow
Whitelist

Skip ALL protection checks. Use to whitelist your own IPs, trusted crawlers, or internal services.

Suggested Rules
The backend already blocks most bots automatically. These rules let you add extra IP/rate-limit protection specific to your site.
ℹ️ User-Agent rules here are optional — curl, sqlmap, python-requests and other common tools are already blocked at the system level for all users.

Custom Rules

Create and manage custom protection rules

Loading rules...
Trusted IPs skip all detection checks
Add office IPs, CI/CD runners, and monitoring agents here. Requests from these IPs will be allowed immediately without any bot scoring, CAPTCHA, or rate limiting. Supports single IPs and CIDR ranges (e.g. 10.0.0.0/8).

Add Trusted IP

Office IP CI/CD Bot Monitoring Staging

Trusted IPs

0
IP / CIDR Label Hits Added
Loading...
CURRENT PLAN

Free Plan

Perfect for getting started

$0
per month
Today
0
requests
Limit
1000
per day
Resets In
--:--
until reset
Member Since
--
join date
Protection
9 Methods
all active
Plan Cost
per month
Total Paid
$0.00
all time
Active Until
Balance
$0.00
referral & bonus
API Requests Usage 0%

Choose Your Perfect Plan

All plans include full bot protection - upgrade for higher request limits

Payment Methods

Secure payment options for your subscription

Payment History

All your past transactions

Date Amount Provider Status
Loading…

EMAIL NOTIFICATIONS

ALERT TYPES

Choose which events should trigger notifications

CHAT NOTIFICATIONS

Receive email alerts for AI-assistant chat events

WEBHOOK INTEGRATION

Recent Alerts

Latest security notifications

No alerts yet

You'll see notifications here when suspicious activity is detected on your protected websites

PROFILE INFORMATION

SECURITY

DANGER ZONE

Delete Account
This action cannot be undone. All your data will be permanently deleted.

Integration Guide

Complete guide for protecting your website with Anti-Bot SaaS. Get started in 30 seconds.

Quick Start (30 seconds)

Add protection to your website in one line

Add this single line to your website's HTML, right before the closing </body> tag:

<script src="http://localhost:8080/protect.js?key=YOUR_API_KEY" async></script>
That's it! Your website is now protected.
The script automatically:
  • Tracks user behavior (mouse movements, clicks, typing patterns)
  • Generates browser fingerprints
  • Detects headless browsers and automation tools
  • Validates all form submissions
  • Monitors AJAX requests

Integration Examples

Framework-specific implementation guides

HTML / Static Sites

<!DOCTYPE html>
<html>
<head>
    <title>My Protected Website</title>
</head>
<body>
    <h1>Welcome</h1>
    <p>This site is protected from bots.</p>

    <!-- Anti-Bot Protection -->
    <script src="http://localhost:8080/protect.js?key=YOUR_API_KEY" async></script>
</body>
</html>

React / Next.js

// In your pages/_document.js or app layout
import Script from 'next/script';

export default function MyApp({ Component, pageProps }) {
  return (
    <>
      <Component {...pageProps} />
      <Script
        src="http://localhost:8080/protect.js?key=YOUR_API_KEY"
        strategy="afterInteractive"
      />
    </>
  );
}

Vue.js

// In your main App.vue or index.html
<template>
  <div id="app">
    <router-view />
  </div>
</template>

<script>
export default {
  mounted() {
    const script = document.createElement('script');
    script.src = 'http://localhost:8080/protect.js?key=YOUR_API_KEY';
    script.async = true;
    document.body.appendChild(script);
  }
}
</script>

WordPress

// Add to your theme's functions.php
function add_antibot_protection() {
    wp_enqueue_script(
        'antibot-protection',
        'http://localhost:8080/protect.js?key=YOUR_API_KEY',
        array(),
        null,
        true
    );
}
add_action('wp_enqueue_scripts', 'add_antibot_protection');

Direct API Usage (Advanced)

For custom integrations, you can call our API directly from your backend:

Endpoint

POST http://localhost:8080/api/protect/check

Request Headers

Content-Type: application/json
X-API-Key: YOUR_API_KEY

Request Body

{
  "ip_address": "192.168.1.100",
  "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)...",
  "fingerprint": "abc123xyz789",
  "behavioral_data": {
    "mouse_movements": 150,
    "click_count": 5,
    "time_on_page": 12.5,
    "keystroke_dynamics": [120, 85, 95, 110]
  }
}

Response

{
  "decision": "allow",  // "allow", "block", or "challenge"
  "score": 0.87,        // 0.0 (bot) to 1.0 (human)
  "reasons": [],
  "challenge_token": null
}

Python Example

import requests

response = requests.post(
    'http://localhost:8080/api/protect/check',
    headers={
        'Content-Type': 'application/json',
        'X-API-Key': 'YOUR_API_KEY'
    },
    json={
        'ip_address': request.remote_addr,
        'user_agent': request.headers.get('User-Agent'),
        'fingerprint': 'generated_fingerprint',
        'behavioral_data': {
            'mouse_movements': 100,
            'click_count': 3,
            'time_on_page': 8.2
        }
    }
)

result = response.json()
if result['decision'] == 'block':
    return abort(403, 'Access denied')

Yandex OAuth Token — Setup Guide

To connect Yandex.Metrica and push bad sessions automatically, you need an OAuth token with edit access to your counter.

Step 1 — Open the OAuth page

Go to the Yandex OAuth authorization page and create a new token. You can do this directly from the link below.

Open Yandex OAuth Docs →
Step 2 — Request a debug token (fastest way)

The fastest way to get a token is via the Yandex OAuth debug page. Open the link below, log in with your Yandex account that owns the Metrica counter, and click Allow:

https://oauth.yandex.ru/authorize?response_type=token&client_id=05974b6d476b4de7b2d6a9a5b32ed223

After redirect, copy the access_token value from the URL and paste it into the OAuth-token field. The token starts with y0_ or AgAA.

Step 3 — Required permissions

The token must have access to Yandex.Metrica with edit rights (metrika:read + metrika:write). Without edit rights the system cannot push isBadSession=1 to visitor segments.

Step 4 — Token expiry

Tokens obtained via the debug method expire after 1 year. The system checks token validity daily and will email you when it expires. You can always re-enter a fresh token via Edit → Check Token in the YA/GOOGLE section.

Best Practices

✓ Do's

  • Place the script tag at the end of your <body> for best performance
  • Use the async attribute to prevent blocking page load
  • Create separate API keys for development, staging, and production
  • Monitor your Analytics dashboard regularly for attack patterns
  • Set up email alerts for high-volume attacks
  • Test your integration with our provided attack simulation tools
  • Whitelist your office IP if you're testing from the same network

✗ Don'ts

  • Don't hardcode API keys in public repositories
  • Don't use the same API key across multiple unrelated websites
  • Don't disable the script on forms - it's automatic and seamless
  • Don't block based on IP alone - use our multi-factor scoring
  • Don't set rate limits too aggressively - this can block real users
PAID ADD-ON

Proxy Protection

Works like Cloudflare — route your traffic through AntiFraude.RU. No code changes on your site. All bots blocked before they reach your server.

🔁
DNS-only setup
Change one DNS record, done
🤖
Blocks all bots
Even those without JS
📊
Full analytics
All attacks logged in dashboard
Add-on price
$9/month
on top of your current plan
Contact support to activate. We will enable it within 24 hours.
0
Total Invited
0
Qualified Referrals
$0.00
Total Earned

Your Referral Link

Share this link to earn commissions

Your code:

Your Balance

Available to use or withdraw

$0.00

Min. withdrawal: $5.00

Program Terms

How commissions work

10% Commission
Earn 10% of every payment made by your referrals
Lifetime Earnings
Earn commissions for as long as your referrals stay subscribed
Instant Credits
Balance is credited immediately after referral payment

How It Works

1
Share Your Link
Share your unique referral link with friends, followers, or on social media
2
They Sign Up & Pay
When they register and subscribe to any paid plan, you earn a commission
3
Get Paid
Use earnings to upgrade your plan or withdraw to your wallet

Commission History

No transactions yet
Setup Guide
New Request
My Requests
Loading...

Chat

Knowledge base chatbot widget for your website

0
Knowledge Bases
0
Documents
0
Storage
0
Ready
1 Create a knowledge base

Click «+ New knowledge base», give it a name and save. That's enough — the widget already works as a general AI assistant even without any documents.

2 Add documents (optional)

Open the knowledge base → Documents tab. Upload PDF, TXT, DOCX files or paste a URL to scrape. The system splits them into chunks and indexes them — answers will be drawn from your content.

3 Configure the widget appearance

Go to the Widget tab inside the knowledge base. Set the bot name, greeting, color and position. A live preview is shown on the right.

4 Embed on your website

Copy the <script> snippet from the Widget tab and paste it before the closing </body> tag on your site. The chat button appears instantly.

Works without documents too

If no documents are uploaded the chatbot answers questions using the base AI model — useful as a general support assistant right away. Upload documents when you want answers grounded in your specific content.

No knowledge bases yet. Create one to get started.