wall.click
All solutions

Features

Bot Detection & Custom Rules

ML-based detection plus your own rules.

A classic IP blacklist is no longer enough against bot traffic; bot operations rotate IP pools every week and constantly evolve their behaviour. A static list expires within five days.

wall.click delivers a two-layer approach: (1) automatic detection of bot behaviour through machine-learning models that are continuously retrained, (2) a manual rule engine tailored to your industry and business logic. Both work side-by-side and both are managed from a single dashboard.

What you gain

What you get with this solution

ML-based detection

A model trained on behavioral fingerprint, click pattern and session signals; retrained weekly.

Custom rule engine

Define your own no-code rules combining IP, ASN, geography, frequency and behavior.

Whitelist & blacklist

Permanently pass safe IPs, permanently block suspicious ones; CIDR-block and ASN-based list management.

Sensitivity levels

5 levels from conservative to aggressive; you can apply different levels per campaign.

Headless browser detection

Catch automation tools like Puppeteer, Selenium and Playwright through fingerprint signals.

Coordinated-attack detection

Detect coordinated movement of different IPs concentrated on the same campaign.

Problem

The bot ecosystem keeps evolving

Roughly 30-50% of internet traffic is bot traffic (Imperva Bad Bot Report 2024). Half of that is malicious: scrapers, click bots, attribution-fraud bots and more sophisticated variants. Bot operators ship new techniques weekly; static filters lose their effectiveness within 1-2 weeks.

Where classic bot detection falls short

  • User-Agent checks — bots send realistic UAs
  • JavaScript challenges — modern bots execute JS
  • Static IP blacklists — bot networks rotate IPs every week
  • CAPTCHA — destroys UX and loses real customers
  • Single-signal filtering — easy to bypass

Modern bot categories

Today's bot landscape is far broader: classic scrapers, humanlike bots that simulate real mouse trajectories, residential proxy networks, and click farms run by real human operators.

Method

Our layered detection approach

  1. 1

    Layer 1: Machine learning

    Our Gradient Boosting + LSTM model is trained on millions of labelled sessions. It correlates behavioural sequences, mouse trajectory, scroll patterns and intra-session consistency. The model is retrained weekly as new bot variants emerge.
  2. 2

    Layer 2: Manual rule engine

    A no-code rule editor for industry- or business-specific patterns the ML model can't catch on its own. Write complex AND/OR conditions like "IF IP outside Turkey AND 5+ clicks/hour AND not mobile → block".
  3. 3

    Layer 3: Community intelligence

    A new bot operation found at one customer is anonymously propagated across the platform. You benefit from a database of 2.5M+ known bad IPs refreshed hourly.

Data

Bot categories we catch and their distribution

Categorical breakdown of bots detected by wall.click over the last 90 days:

41%

Classic scrapers / crawlers

Caught via User-Agent + behaviour sequencing

27%

Headless browser bots

Puppeteer, Selenium, Playwright fingerprints

19%

Residential proxy + humanlike

Real human behaviour simulated through home IPs

The remaining 13% splits across categories: click farms, coordinated attacks, attribution-fraud bots, SDK spoofing.

Practice

Custom rule examples

Rule sets our customers commonly use (deployable from the dashboard with one click):

Frequency limit

5+ clicks from the same IP within 10 minutes → automatic block.

Geographic boundary

Mark every click from outside Turkey as high-risk and re-evaluate.

Datacenter ASN

Block traffic from AWS, Google Cloud, Azure, Hetzner ASNs.

Device mismatch

Ad targeted at mobile but clicked from desktop → suspicious.

Campaign sensitivity

Raise sensitivity to maximum on high-value campaigns (e.g. retargeting).

Whitelist priority

Always allow approved IPs coming from your CRM.
Every rule is no-code via the dashboard — no developer help needed. Rule changes go live within 30 seconds.

FAQ

Frequently asked questions

Is your ML model optimized for my industry?
The model base is industry-agnostic, but behavior patterns specific to your sector are added as an extra layer. In the first 30 days it is fine-tuned with your own data.
If I make a mistake writing my rules, will I lose real customers?
Our "test mode" lets you run the rule only in reporting mode first: see which clicks would be caught without any live blocking. Activate it once you're satisfied.
What is the accuracy of your ML model?
96.4% precision and 91.7% recall on test data. False-positive rate below 0.3% — we very rarely block real customers by mistake.
How do you catch headless browsers?
Multiple techniques: navigator.webdriver flag, missing browser APIs, mouse-trajectory inconsistencies, JavaScript fingerprint anomalies, and device-parameter mismatches like screen resolution.
Is my customer data safe?
All signals are stored as hashes; no personal data is collected. KVKK- and GDPR-compliant infrastructure hosted in Türkiye.

Related solutions

Features

PPC Fraud Protection

Fraud Types

Bot Traffic

Fraud Types

Advanced Fraud

Protect Your Ad Budget —
Start Today

Try it free for 14 days. No credit card required. Finish setup in minutes and start blocking fake clicks.