Malicious bot attack?
-
Several of our websites have experienced a major direct load traffic spike in the last 30 days - roughly 40K new visitors for each site. The bots are emulating IE9 and appear to be hitting our home page and bouncing 100% of the time. The traffic is double our usual volume, or more. Our bounce rates, conversion rate, page views, etc have suffered accordingly. The volume hasn't affected site performance, yet.
Since the traffic is direct load, I can't see this being a negative SEO attack. Plus, our search visibility for everything but our brands is abysmal - there aren't any real rankings to tank.
Our engineers are saying that the IP addresses are diverse, and they aren't seeing any pattern. I also checked GA for traffic locations, and we aren't seeing anything unusual from overseas.It appears that the attack is US based.
Has anyone seen this before?
-
I have been experiencing this on my site as well. Just curious if you were still receiving this kind of traffic since it has been a few months?
Recently there have been one or two times throughout the day where I see a huge spike in direct traffic. As you mentioned, the GA numbers seem to suffer but as long as this does not impact my rankings or site performance I'm not too worried. I too am concerned that this is more than just an annoyance and possibly reason for concern.
I've had other sites show up on GA as sending tons of referral traffic and figured it was just spam, but not sure of the benefit to a spammer of sending ghost direct traffic unless it is some kind of negative SEO attack. Would love to find out.
-
try
http://sucuri.net/website-firewall/
or
Stop bot attack resulting in a more secure website. Stop bots
-
Google analytics has issue with ghost referrals and find out what the referral name is parking in the block it in GA
UA numbers ending in two and three are not effected for some reason
You're hosting company can update software in order to make this stop
hope this helps
Tom
-
I would strongly recommend Cloudflare to address this type of problem. They have massive data on malicious sources and offer tools to mitigate attacks like you're facing.
-
Have you tried digging deeper into the type of browser and OS they're emulating? Chances are you could get a pretty precise block on just their activity if you match up their browser, screen dimension, OS, versions, etc without affecting any other users.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Malicious links on our site indexed by Google but only visible to bots
We've been suffering from some very nasty black hat seo. In Google's index, our pages show external links to various pharmaceutical websites, but our actual live pages don't show them. It seems as though only certain user-agents see the malicious links. Setting up Screaming Frog SEO crawler using the Googlebot user agent also sees the malicious links. Any idea what could have caused this or how this can be stopped? We scanned all files on our webserver and couldn't find any of malicious links. We've changed our FTP and CMS passwords, is there anything else we can do? Thanks in advance!
White Hat / Black Hat SEO | | SEO-Bas0 -
Has our site been attacked?
Hello fellow mozers! I am having a problem you might be able to help me with and any thoughts on the issue will be greatly appreciated. Yesterday, I received an automated monthly report from Quill Engage, a tool that fetches data from Google Analytics and generates reports in a narrative format. Last month's 'referral traffic' section indicates two incredibly spammy websites driving more than 200 sessions to our website. Naturally, I checked out GWT and Open Site Explorer but couldn't find any traces of such activity. Futhermore, all our metrics seem ok. Can this possibly be a negative SEO attack that was only traced by the aforementioned tool? Can you propose any other way to test this and make sure we're not being attacked?
White Hat / Black Hat SEO | | SMD_0 -
Negative SEO Click Bot Lowering My CTR?
I am questioning whether one of our competitors is using a click bot to do negative SEO on our CTR for our industry's main term. Is there any way to detect this activity? Background: We've previously been hit by DoS attacks from this competitor, so I'm sure their ethics/morals wouldn't prevent them from doing negative SEO. We sell an insurance product that is only offered through broker networks (insurance agents) not directly by the insurance carriers themselves. However, our suspect competitor (another agency) and insurance carriers are the only ones who rank on the 1st page for our biggest term. I don't think the carrier sites would do very well since they don't even sell the product directly (they have pages w/ info only) Our site and one other agency site pops onto the bottom of page one periodically, only to be bumped back to page 2. I fear they are using a click bot that continuously bounces us out of page 1...then we do well relatively to the other pages on page 2 and naturally earn our way back to page 1, only to be pushed back to page 2 by the negative click seo...is my theory. Is there anything I can do to research whether my theory is right or if I'm just being paranoid?
White Hat / Black Hat SEO | | TheDude0 -
Do searchs bot understand SEF and non SEF url as the same ones ?
I've jsut realized that since almost for ever I use to code first my website using the non sef for internal linkings. It's very convenient as I'm sure that what ever will be the final url the link will always be good. ex: website.com/component1/id=1 Before releasing the website I use extensions to make the url user friendly according the choosen strategy. ex: website.com/component1/id=1 -> website.com/article1.html But I just wondered if google consider both urls as the same ones or if it consider just as a 301 redirection. What do you think is the best to do ?
White Hat / Black Hat SEO | | AymanH0 -
Separate Servers for Humans vs. Bots with Same Content Considered Cloaking?
Hi, We are considering using separate servers for when a Bot vs. a Human lands on our site to prevent overloading our servers. Just wondering if this is considered cloaking if the content remains exactly the same to both the Bot & Human, but on different servers. And if this isn't considered cloaking, will this affect the way our site is crawled? Or hurt rankings? Thanks
White Hat / Black Hat SEO | | Desiree-CP0 -
Being Link Attacked - Should I worry?
Hey, Hope everyone is well. Just a quick question. I hope to get an answer from Google officially (I've asked in their webmaster forums area) but any experience or opinions from the community here would be great. I noticed recently that our site started to get thousands of links from comments in random blogs from all across the web. This is nothing to do with us as we don't "build links". I can only assume it is a competitor trying to get our site hit by the algorithm for a particular search term, as all the anchor text (I estimate about 1,800 links with this anchor text) point to one page on our site that is ranking for that term. I recently removed the website from webmaster tools and re added, due to an unrelated issue about the a video rich snippet not updating, and all the links have just popped up today on there. Is this something I need to worry about? and should I start collecting all these domains and using the disavow tool to block the whole domain of these sites with the comments (some of them seem like genuine sites). There seem to be new ones everyday and it looks to be an ongoing attack as well. Thanks in advance!
White Hat / Black Hat SEO | | JonathanRolande0 -
Negative SEO attack working amazingly on Google.ca
We have a client www.atvandtrailersales.com who recently (March) fell out of the rankings. We checked their backlink file and found over 100 spam links pointing at their website with terms like "uggboots" and "headwear" etc. etc. I submitted a disavow link file, as this was obviously an attack on the website. Since the recent Panda update, the client is back out of the rankings for a majority of keyword phrases. The disavow link file that was submitted back in march has 90% of the same links that are still spamming the website now. I've sent a spam report to Google and nothing has happened. I could submit a new disavow link file, but I'm not sure if this is worth the time. '.'< --Thanks!
White Hat / Black Hat SEO | | SmartWebPros1 -
Web virus attack every second
Hello my wordpress has been constantly attacked every day, files were uploaded and redirections were made to others websites. I instaled sucruri pluggin paying the annual fee, and no result. They keep acessing the web. And i uploading backup security. Know i have instaled OSE wp firewall and seems that they are getting more dificulty accessing and uploading files. But still sending like 40 attacks every day. Is ther any way to stop this? were is some information of the blocked attacks LOGTIME: 2013-02-22 10:58:01 FROM IP: http://whois.domaintools.com/27.153.210.183 REFERRER: http://www.propdental.com/index.php?option=com_registration&task=register LOGTIME: 2013-02-22 10:52:09 FROM IP: http://whois.domaintools.com/2a00:1d70:c01c::69:61 URI: http://www.propdental.com/video//wp-admin.php FROM IP 40 attacks this ip every two seconds: http://whois.domaintools.com/2a00:1d70:c01c::69:61 URI: http://www.propdental.com/video//wp-admin.php ACTION: Blocked LOGTIME: 2013-02-22 10:49:10 FROM IP: http://whois.domaintools.com/103.31.186.82 URI: http://www.propdental.com/ METHOD: GET LOGTIME: 2013-02-22 10:37:10 FROM IP: http://whois.domaintools.com/120.43.11.251 URI: http://www.propdental.com/blog/tag/carillas-de-porcelana-cerinate METHOD: GET USERAGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11 REFERRER: http://www.propdental.com/blog/tag/carillas-de-porcelana-cerinate ACTION: Blocked LOGTIME: 2013-02-22 10:28:52 FROM IP: http://whois.domaintools.com/36.251.43.51 URI: http://www.propdental.com/ METHOD: GET USERAGENT: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4 REFERRER: http://www.buyclassybags.com/
White Hat / Black Hat SEO | | maestrosonrisas0