Hi experts... We have a Java server-client application with an applet on the client side.

Our applet seems to be used by attackers for bots and other attacks... We suspect that they modified it and used it.

Because we use strongly encrypted packets, they can do that in only two ways:

1. Modify our applet and use it against us in some way.

2. Build a whole piece of software that can handle the same protocol and encryption mechanism to talk to our servers and perform attacks.

Is there any way to prevent using an applet from outside the server (the HTML page on our server)?

+1  A: 

There are a handful of ways attackers could automate interactions with your applet. Some ways are:

  • Drop it into their own HTML page and use JavaScript. JavaScript can actually call public methods on an applet.
  • Browser plugins which allow scripting
  • OS level macro recorders

There isn't really a good way to prevent this. One thing that I can suggest is throttling requests per individual client session. This won't completely prevent bots but can at least slow them down to human speeds.

Asaph
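The per-session throttling suggested in the answer above, sketched as a server-side token bucket. This is an added example, not code from the question or the answer; the class name, method names, and the limits (2 requests per second, burst of 5) are assumptions chosen for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Per-session token-bucket throttle (added example; all names are hypothetical). */
public class SessionThrottle {
    private static final class Bucket {
        double tokens;
        long lastRefillNanos;
        Bucket(double tokens, long now) { this.tokens = tokens; this.lastRefillNanos = now; }
    }

    private final double ratePerSecond; // sustained requests per second allowed per session
    private final double burst;         // short burst a human user may legitimately produce
    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();

    public SessionThrottle(double ratePerSecond, double burst) {
        this.ratePerSecond = ratePerSecond;
        this.burst = burst;
    }

    /** Returns true if the request may proceed, false if the session is over its rate. */
    public boolean tryAcquire(String sessionId, long nowNanos) {
        Bucket b = buckets.computeIfAbsent(sessionId, id -> new Bucket(burst, nowNanos));
        synchronized (b) {
            // Refill in proportion to elapsed time, capped at the burst size.
            double elapsedSec = Math.max(0, nowNanos - b.lastRefillNanos) / 1e9;
            b.tokens = Math.min(burst, b.tokens + elapsedSec * ratePerSecond);
            b.lastRefillNanos = nowNanos;
            if (b.tokens < 1.0) return false; // reject, delay, or drop the request
            b.tokens -= 1.0;
            return true;
        }
    }

    /** Call when the server-side session ends so the map does not grow without bound. */
    public void forget(String sessionId) { buckets.remove(sessionId); }

    public static void main(String[] args) {
        SessionThrottle t = new SessionThrottle(2.0, 5.0); // constructed limits
        long now = System.nanoTime();
        int allowed = 0;
        for (int i = 0; i < 100; i++) {        // constructed input: 100 requests at one instant
            if (t.tryAcquire("session-A", now)) allowed++;
        }
        System.out.println("allowed in burst: " + allowed);
        long later = now + 1_000_000_000L;     // one second later, tokens have partly refilled
        System.out.println("session-A after 1s: " + t.tryAcquire("session-A", later));
        System.out.println("session-B, first request: " + t.tryAcquire("session-B", now));
    }
}
```

The key passed as `sessionId` should be an identifier the server issued, and the check has to run on the server, since a modified applet or a custom client can skip anything enforced on the client side.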