KillBot Web Protector: Stop Bots & Block DDoS L7 Attacks
KillBot is a website protection solution that stops bots and blocks DDoS L7 attacks.
What KillBot does
- Removes direct and other bot visits from analytics.
- Removes human-like bots from search results.
- Blocks bot spam without CAPTCHA.
- Protects against SMS balance fraud.
- Detects bots in advertising traffic.
- Blocks all bots without JavaScript support by default, except for search engines.
KillBot can
- Block bot visits.
- Overload bot CPU.
- Hide analytical scripts (Yandex Metrica, Google Analytics).
- Display CAPTCHA.
Transparency and management
- Every visit in Yandex Metrica is labeled as “bot” or “non-bot”, which makes it easy to assess efficiency.
- You can manually relabel visits mistakenly identified as bots or users. Subsequent visits with the same snapshot will be treated the same way.
- KillBot builds UserID independent of cookies, so even incognito mode will not hide bots.
- The management functions are implemented through the personal account.
Performance
KillBot running on a 2 vCPU / 2GB RAM server successfully repels Layer 7 DDoS attacks (as tested using ipstresser.su / Tier-1 attack profile) using only 20% CPU and 1GB RAM. Malicious requests never reach the main website.
API and user interface
You can work with KillBot via API.
For a quick start, watch this video guide. The video will show you how to get KillBot up and running, and how to manage your protection. This will help you adapt and avoid typical rookie mistakes.
How it works
- The KillBot server processes traffic before it reaches your website.
- To connect, update your DNS A record to point to your KillBot server’s IP address.
- Your server only hosts the KillBot verification page; the actual user verification algorithms run on KillBot’s infrastructure.
- Before accessing your site, visitors first see KillBot’s verification page (visible as a 1-second blue circle animation).
At this stage, KillBot can:
- Detect a bot.
- Overload bot CPU.
- Display CAPTCHA.
Browser snapshots
KillBot splits all traffic into snapshots. These are not fingerprints but unique snapshots of the bot generation software. Even if the bot spoofs browser parameters, the snapshot remains the same.
This allows KillBot to:
- Tell users from bots.
- Manually block specific snapshots.
- Create a cloud network with a subnet to host the virtual machine (VM).
- In the new cloud network, create a security group and configure the rules as follows:

| Traffic direction | Description | Port range | Protocol | Source / Destination | CIDR blocks |
|---|---|---|---|---|---|
| Ingress | HTTP | 80 | TCP | CIDR | 0.0.0.0/0 |
| Ingress | HTTPS | 443 | TCP | CIDR | 0.0.0.0/0 |
| Ingress | SSH | 22 | TCP | CIDR | 0.0.0.0/0 |
| Egress | Any Egress | 0-65535 | Any | CIDR | 0.0.0.0/0 |

- Get an SSH key pair for connection to the VM.
- In the Marketplace, find the product KillBot Web Protector: Stop Bots & Block DDoS L7 Attacks and click Create VM.
- Under Network settings, specify the cloud network, subnet, and security group you created earlier.
- Under Access, specify the username and public SSH key for connection to the VM.
- Under General information, specify the VM name.
- Complete setting up your VM and click Create VM.
Wait for the VM to be created and the application to be installed: this may take up to 10 minutes.
The KillBot verification page communicates with KillBot’s main server, so an account will be automatically created for you at killbot.ru. If you already have an account, you can use the existing one.
- Give KillBot access to your website server:
  - Find out the public IP address of the new VM.
  - On your website server, allow incoming traffic on port 443 from the public IP address of the new VM.
- Connect to the VM over SSH.
- Connect the KillBot verification page to the website using the following command:

    sudo kb install \
      -e <your_email> \
      -d <website_domain> \
      -ip <server_IP_address> \
      -le 1 \
      -t <KillBot_token>

  Where:
  - -e: Your email. If no killbot.ru account exists for this email, one will be created automatically. The login details will be sent to this address.
  - -d: Domain of the website you are connecting to KillBot.
  - -ip: IP address of the website server specified in -d.
  - -le: Let’s Encrypt® certificate issuance. Set 0 if behind Cloudflare; otherwise, 1.
  - -t: Token from your killbot.ru account. Get it here: killbot.ru/api-key.
Examples of connecting the verification page to a website:
- For Let’s Encrypt®, no killbot.ru account:

    sudo kb install \
      -e user@example.com \
      -d example.com \
      -ip 31.**.***.***

- For Cloudflare (FULL SSL) with a self-signed certificate:

    sudo kb install \
      -e user@example.com \
      -d example.com \
      -ip 31.**.***.*** \
      -le 0

- With an existing KillBot account:

    sudo kb install \
      -e user@example.com \
      -d example.com \
      -ip 31.**.***.*** \
      -t 3Fge********
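For the step "Give KillBot access to your website server", an added example (not part of the original page or of KillBot's own tooling): a shell helper that prints an nftables ruleset for the website server accepting port 443 from the KillBot VM. Dropping port 443 from every other source is an assumption that goes beyond the page's instruction, as are the table name `killbot_origin` and the sample address 203.0.113.10.

```shell
#!/bin/sh
# Added example: build an nftables ruleset for the website (origin) server that
# accepts HTTPS only from the KillBot VM. Nothing is applied here; the ruleset
# is printed so it can be reviewed and then loaded with `nft -f <file>`.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ruleset for KillBot VM address $1 (table name is hypothetical).
gen_origin_rules() {
    vm_ip=$1
    if ! is_ipv4 "$vm_ip"; then
        echo "error: '$vm_ip' is not an IPv4 address" >&2
        return 1
    fi
    cat <<EOF
table inet killbot_origin {
    chain input {
        type filter hook input priority 0; policy accept;
        iif "lo" accept
        ip saddr $vm_ip tcp dport 443 accept
        tcp dport 443 drop
    }
}
EOF
}

# Stand-alone use: ./origin-rules.sh 203.0.113.10 > killbot-origin.nft
if [ "$#" -gt 0 ]; then gen_origin_rules "$1"; fi
```

The final `tcp dport 443 drop` rule also covers IPv6, so the website server is not reachable on 443 over an address family the allow rule does not match.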
KillBot
KillBot provides technical support to Yandex Cloud users. You can contact technical support on Telegram.
Yandex Cloud
Yandex Cloud does not provide support for this product. If you have any issues, please refer to the vendor’s information resources.