we have a java server-client application with an applet in the client side.
our applet seems to be used by attackers for bots and other attacks… we suspect that they modified it and used it.
because we use strongly encrypted packets they can do that in only two ways:
1.modify our applet and use it against us in someway.
2.build a whole software that can handle the same protocol and encryption mechanism to talk to our servers and perform attacks.
is there anyway to prevent using an applet from outside the server?(the html page on our server).
There are a handful of ways attackers could automate interactions with your applet. Some ways are:
There isn’t really a good way to prevent this. One thing that I can suggest is throttling requests per individual client sessions. This won’t completely prevent bots but can at least slow them down to human speeds.