How to Deal with Fake Bot Traffic
It can be very exciting to see a spike in traffic on your website; relief that you are finally doing something right. However, it is becoming increasingly more common to have spikes in traffic due to a fraudulent source known as bad bots. The Bad Bot Report 2020 by Imperva states that bad bot traffic rose to 24.1% in 2019, and it’s the highest proportion ever.
What are bots and how do you stop them from skewing your reporting? Read on. I’m going to help you understand.
What is a bot?
A bot, short for robot, is a software application which has the primary mission of completing automated tasks online. These tasks are typically repetitive in nature, and are performed with more efficiency and speed than is possible by a human.
Good vs. harmful bots
Bots are used for beneficial purposes such as indexing internet sources and search engines. However, their uses have also gone over to the dark side. Harmful bots are designed for malicious purposes, such as spreading malware, collecting email addresses, committing click fraud and artificially inflating website traffic. Let’s take a look at the different types of bad bots you need to be aware of.
Other bots spam without even collecting email addresses. They attack the servers directly by going to to hundreds of thousands of websites each day, and sending HTTP requests with a fake referrer header. They design and distribute these fake headers in order to avoid being discovered as bots. The phony header typically displays the website that the spammer wishes to endorse, and which they want to get clicks or even links from in the case that server logs have been made public.
Some spambots are designed to send artificial traffic without even visiting a website. This happens when the bots produce HTTP requests from a Google Analytics tracking code. Your website ID is used as well. Not only can smart spambots send fake traffic to a website, they can also send fake referrers. Since the referrer website often looks like a legitimate one, you may think that the referring website is real, though it’s not. The GM Block Bots plugin filters out these types of bots with a 403 Forbidden message and prevents them from showing up in your Google Analytics.
Botnet stands for a robot network, and it is a network of computers. The botnet is in communication with each other in order to perform tasks. It can be located locally, or it can be spread out across the globe. When a spambot accesses botnet, it can gain access to the whole network of IP-addresses and launch attacks including DDoS, Adware, Spyware, E-mail spam, click fraud, fast flux, and scareware. This further confuses website owners as fraudulent traffic can be coming from a wide range of IP addresses.
How to detect spam sources
Start by going to your Referrals report located in your Google Analytics account and sort the report by the bounce rate in descending order. Then, locate any referrers with a 100% or 0% bounce rate, and who also have 10 or more sessions. If you suspect that a website is a spam referrer, try googling information about it. Once you have confirmed these bad bots, you may want block them from visiting your website. Of course, you could always just ignore them.
How to protect a website from spambots
If you are finding spambots in your Google Analytics frequently, you can block them with .htaccess. While, it is the most effective method, any small .htaccess mistake can bring your site down, so do so with caution.
You can also hide spambots directly in Google Analytics. While it does hide traffic, without spending endless hours setting up filter, junk traffic is still logged.
Thirdly, if you’re a WordPress user, you can use the GM Block Bots plugin to defeat spambots. It’s compact, requires no set up, and has shown some pretty neat results. See the below graph showing bot traffic before and after the GM Block Bots plugin was installed.
Don’t lose hope. Spambots can be thwarted. While dealing with spambots can be frustrating, it’s important to stay on top of the threat. Doing so will give you a clearer view of how your website is performing.
Also, if you want to get more security tips or develop a highly secure website, please feel free to contact us. Our specialists will provide you with a free consultation and answer all your questions.