The Anti-Grinch Bot is a multi-service system designed to defend E-commerce and ticketing platforms like Walmart and Ticketmaster against automated bots that attempt to hoard high-demand, low-supply items such as GPUs, game consoles, and concert tickets.
Grinch bots are automated scripts designed to snatch products the moment they drop, depriving real customers of fair access. These bots contribute to artificial scarcity and inflate resale markets. Our system aims to detect and block these bots in real-time using behavioral analytics and machine learning, helping retailers maintain fairness and trust.
- Real-time Bot Detection via behavioral analysis (mouse movement, keyboard input, device fingerprinting).
- ML-Powered User Classification using a trained model (Random Forest Regressor).
- Admin Dashboard with user logs, live metrics, and IP banning capabilities.
- Device Fingerprinting to persistently identify users even across sessions or cookie resets.
- ReCAPTCHA v3 + v2 Fallback during checkout for added protection.
- Modular Architecture with CI/CD and containerized services via Docker.
The project is composed of four main services:
-
Frontend Client (E-commerce Site)
- A mock Walmart-like site built with React + Vite + ShadCN components.
- Tracks mouse movements, speeds, key presses, and device fingerprint.
- Communicates with the ML service via WebSockets for real-time classification.
-
Admin Panel
- A separate dashboard interface for administrators.
- Shows live statistics of users, bot detection metrics, and anomaly scores.
- Allows manual blocking of IP addresses and inspection of user logs.
-
Backend API
- Built using Node.js and Express.
- Handles authentication with JWT and serves data to the admin panel.
- Acts as the central data pipeline between services.
-
Machine Learning Service
- Implemented using Python and Scikit-learn’s RandomForestRegressor.
- Analyzes behavioral data and returns a human/bot prediction score.
- Communicates with the frontend over WebSockets for low-latency predictions.
Frontend (Client & Admin Panel)
- React + Vite
- ShadCN UI
- WebSockets
- Google ReCAPTCHA v3 & v2
Backend
- Node.js
- Express.js
- JWT Authentication
Machine Learning
- Python
- Scikit-learn
- RandomForestRegressor
- WebSocket server
DevOps / Infra
- Docker (containerized each service)
- GitHub Actions (CI/CD)
- AWS EC2 (deployment target)
The system gathers the following features from the frontend:
- Mouse movement speed and pattern
- Keyboard activity (key press rate, character count)
- Device fingerprint
This data is streamed to the ML service via WebSockets and evaluated for anomalies. The ML model assigns a probability score, determining if a user is likely a bot. Based on thresholds, users are tagged as:
- CONNECTED (legitimate)
- BOT (suspicious)
The admin dashboard includes:
- Live stats: Number of connected users, bots, etc.
- Logs: Anomaly scores, user movement patterns, device fingerprints.
- IP Blocking: Admins can manually ban IPs tied to malicious behavior or VPN usage.
On checkout:
- Google ReCAPTCHA v3 assigns a trust score.
- If the score falls below a defined threshold, ReCAPTCHA v2 is presented as a fallback.
Note: Installation instructions and Docker setup will be added here.
Each service runs inside a Docker container. GitHub Actions is used for continuous integration and deployment to an AWS EC2 instance.
- Mayank Chauhan
- Mahadev Balla
- Paarth Mahadik
- Taranjeet Singh Kalsi
This is a hackathon project. No license has been assigned. Please do not use in production environments without appropriate review.