Malicious bot attack?
-
Several of our websites have experienced a major direct load traffic spike in the last 30 days - roughly 40K new visitors for each site. The bots are emulating IE9 and appear to be hitting our home page and bouncing 100% of the time. The traffic is double our usual volume, or more. Our bounce rates, conversion rate, page views, etc have suffered accordingly. The volume hasn't affected site performance, yet.
Since the traffic is direct load, I can't see this being a negative SEO attack. Plus, our search visibility for everything but our brands is abysmal - there aren't any real rankings to tank.
Our engineers are saying that the IP addresses are diverse, and they aren't seeing any pattern. I also checked GA for traffic locations, and we aren't seeing anything unusual from overseas.It appears that the attack is US based.
Has anyone seen this before?
-
I have been experiencing this on my site as well. Just curious if you were still receiving this kind of traffic since it has been a few months?
Recently there have been one or two times throughout the day where I see a huge spike in direct traffic. As you mentioned, the GA numbers seem to suffer but as long as this does not impact my rankings or site performance I'm not too worried. I too am concerned that this is more than just an annoyance and possibly reason for concern.
I've had other sites show up on GA as sending tons of referral traffic and figured it was just spam, but not sure of the benefit to a spammer of sending ghost direct traffic unless it is some kind of negative SEO attack. Would love to find out.
-
try
http://sucuri.net/website-firewall/
or
Stop bot attack resulting in a more secure website. Stop bots
-
Google analytics has issue with ghost referrals and find out what the referral name is parking in the block it in GA
UA numbers ending in two and three are not effected for some reason
You're hosting company can update software in order to make this stop
hope this helps
Tom
-
I would strongly recommend Cloudflare to address this type of problem. They have massive data on malicious sources and offer tools to mitigate attacks like you're facing.
-
Have you tried digging deeper into the type of browser and OS they're emulating? Chances are you could get a pretty precise block on just their activity if you match up their browser, screen dimension, OS, versions, etc without affecting any other users.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
It's possible a bounce-rate attack manipulate SEO?
My site has been visited by unusual users with one second session times. This leaves my analytics data confused.
White Hat / Black Hat SEO | | CompraBit0 -
Black Seo --> Attack
Hello there, Happy new year for everyone, and good luck this year. I have a real problem here, I saw in MOZ link history that somehow the "Total Linking Root Domains" is growing from a medium of 30 - 40 to 240 - 340 links and keep it growing. I guess somebody make me good joke, cause i did not buy any link :)) even cn, brasil, jp links, my store is from Romania. How I can block these links I think google will make me bad instead. What should i do? Thank you so much. With respect,
White Hat / Black Hat SEO | | Shanaki
Andrei 0tYg1wB.png0 -
Website rankings plummeted after a negative SEO attack - help!
Hello Mozzers A website of a new client (http://bit.ly/PuVNTp) use to rank very well. It was on the top page for any relevant search terms in its industry in Southern Ontario (Canada). Late last year, the client was the victim of a negative SEO attack. Thousands upon thousands of spammy backlinks were built (suspected to be bought using something like Fiverr). The links came from very questionable sites or just low quality sites. The backlink growth window was very small (2,000 every 24 hours or so). Since that happened that site has all but disappeared from search results. It is still indexed and the owner has disavowed most of the bad backlinks but the site can't seem to bounce back. The same happened for another site that they own (http://bit.ly/1tErxpu) except the number backlinks produced was even higher. The sites both suffer from duplicate content issues and at one point (in 2012) were de-indexed due to the very spammy work of a former SEO. They came back in early 2013 and were fine for some time. Thoughts?
White Hat / Black Hat SEO | | mattylac0 -
Spamlink attack wat to do
Since today we had a spamlink attack. Just 150 dirty links in one morning and probably more to follow. Last year we also had an attack and we used the disalow. But this domain had a much stronger histrory and a PR of 6. The new domain has an authority (DA36) and PR1. The domain is very valuable and we rank on page on one of the most competitive words. Should I use the disalow tool, or just hope that the spam links don't hurt my ranking. I have some (150) valuable incoming links. Example of bad link: http://lamevabarcelona.com/una-exposicio-ens-guia-per-barcelona/dscn0756/ I think X Rumer/ pingback is used. I hope somebody can help us with this.
White Hat / Black Hat SEO | | remkoallertz0 -
Being Link Attacked - Should I worry?
Hey, Hope everyone is well. Just a quick question. I hope to get an answer from Google officially (I've asked in their webmaster forums area) but any experience or opinions from the community here would be great. I noticed recently that our site started to get thousands of links from comments in random blogs from all across the web. This is nothing to do with us as we don't "build links". I can only assume it is a competitor trying to get our site hit by the algorithm for a particular search term, as all the anchor text (I estimate about 1,800 links with this anchor text) point to one page on our site that is ranking for that term. I recently removed the website from webmaster tools and re added, due to an unrelated issue about the a video rich snippet not updating, and all the links have just popped up today on there. Is this something I need to worry about? and should I start collecting all these domains and using the disavow tool to block the whole domain of these sites with the comments (some of them seem like genuine sites). There seem to be new ones everyday and it looks to be an ongoing attack as well. Thanks in advance!
White Hat / Black Hat SEO | | JonathanRolande0 -
Website mallware attacks
I keep getting attacks to my website every time that are being blocked by OSE firewall Is there any way to stop this? I am affraid because they actually manage enter my website on the past, and i dont know if they can enter on the future or if having all the pluggins and wordpress updated. I am safe enough, and i am not sure if there is any type of virus on my computer Macbook as those attacked pages were recently updated from my computer. Is there any malware scan for Mac Thanl you == Attack Details == TYPE: Found Basic DoS Attacks DETECTED ATTACK VALUE: dDos Attack ACTION: Blocked LOGTIME: 2013-02-25 11:48:18 FROM IP: http://whois.domaintools.com/75.126.24.81 URI: [http://www.propdental.es/](http://www.propdental.es/) METHOD: HEAD USERAGENT: N/A REFERRER: N/A == Attack Details == TYPE: Found Basic DoS Attacks DETECTED ATTACK VALUE: dDos Attack ACTION: Blocked LOGTIME: 2013-02-25 10:13:17 FROM IP: http://whois.domaintools.com/107.21.150.82 URI: [http://www.propdental.es/blanqueamiento-dental/](http://www.propdental.es/blanqueamiento-dental/) METHOD: HEAD USERAGENT: N/A REFERRER: N/A ``` == Attack Details == TYPE: Found Malicious User Agent DETECTED ATTACK VALUE: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 ACTION: Blocked LOGTIME: 2013-02-25 03:13:52 FROM IP: http://whois.domaintools.com/119.245.226.74 URI: [http://www.propdental.es/sonrisas/los-martinez/](http://www.propdental.es/sonrisas/los-martinez/) METHOD: HEAD USERAGENT: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 REFERRER: N/A ``` ```
White Hat / Black Hat SEO | | maestrosonrisas0 -
Yet another Negative SEO attack question.
I need help reconciling two points of view on spammy links. On one hand, Google seems to say, "Don't build spammy links to your website - it will hurt your ranking." Of course, we've seen the consequences of this from the Penguin update, of those who built bad links got whacked. From the Penguin update, there was then lots of speculation of Negative SEO attacks. From this, Google is saying, "We're smart enough to detect a negative SEO attack.", i.e: http://youtu.be/HWJUU-g5U_I So, its seems like Google is saying, "Build spammy links to your website in an attempt to game rank, and you'll be penalized; build spammy links to a competitors website, and we'll detect it and not let it hurt them." Well, to me, it doesn't seem like Google can have it both ways, can they? Really, I don't understand why Competitor A doesn't just go to Fiverr and buy a boatload of crappy exact match anchor links to Competitor B in an attempt to hurt Competitor B. Sure, Competitor B can disavow those links, but that still takes time and effort. Furthermore, the analysis needed for an unsophisticated webmaster could be daunting. Your thoughts here? Can Google have their cake and eat it too?
White Hat / Black Hat SEO | | ExploreConsulting0 -
Attacked with spam links.
Our website was hit with the "Pharma hack", "Google Cloaking Hack", or "Blackhat SEO Spam". and Google showed in the results this website may be compromised. After cleaning out the hack from the website I chacked with the Seomoz tool Open Site Explorer and I found that they hacked 1000 of other websites and created links to my website. They were building a few 1000 links to the website with the clickable text "buy cheap online pharmacy". and more like that. This website www.washington23.com has been hacked and gives over 200 links to your website for pharmacy items. And Google considers this from your impotent links as i can see in webmasters. What can I do about it?
White Hat / Black Hat SEO | | Joseph-Green-SEO0