Site under attack from Android SEO bots - expert help needed
-
For last 25 days, we are facing a weird attack on our site.
We are getting 10x the normal mobile traffic - all from Android, searching for our name specifically. We are sure that this is not authentic traffic as the traffic is coming from Organic searches and bouncing off. Initially, we thought this was a DDoS attack, but that does not seem to be the case.
It looks like someone is trying to damage our Google reputation by performing too many searches and bouncing off.
Has any one else faced a similar issue before? What can be done to mitigate the impact on site.
(FYI - we get ~2M visits month on month, 80% from Google organic searches). Any help would be highly appreciated.
-
Just as EGOL describe it.
If you're on Amazon AWS then you can use their CloudFront as CDN. But also you can observe source of traffic. Could coming from one country, one IP range or one user-agent. There should be some kind of pattern and you should investigate it.
Then just need to make rule to block that traffic or just redirect them to one static "hello world" page.
I was also victim of such traffic, but was from humans trying to depleting an AdWords daily budget. Once budget it over ads was stopped showing, after few hours they recalculate clicks, some funds was returned, ads are shown again, they click it, budget is over... and so on.
-
By resetting your DNS to CF, your server is no longer used. All traffic is routed to one of CF's data centers and there are over 100 of them distributed throughout the world.
Also, in the CF settings, you want to "challenge" the visitors from problem countries. This will give them a captcha to complete. When they complete that captcha one time, you can then give them long term access without the challenge. CF will progressively become better at filtering the bots and allowing more trusted visitors in without a challenge.
-
Thanks for your help - this works to a large degree.
Have hit a new challenge though, our AWS servers are in one of these countries which are sending traffic. And we have multiple servers talking to each other enabling Login / other actions on the site.
While I have blocked all the other countries, blocking country with AWS servers is creating problem with Login. Trying to figure this out!
-
If you don't use Firewall, Cloudflare in your situation will have almost no effect.
We used our analytics to determine the countries where the traffic was coming from. Then went into CF FW.
Click the blue Help link for each tool to decide upon the settings that you want to try.
Here is what we used....
Security Level... Medium
Challenge Passage... one day
Access rules.... country name, challenge, this website
Impact of the above.... Many bots already recognized by CF will be blocked. Access rules will present each visitor from those countries a form similar to a captcha. They must pass the captcha to get in.
After you turn this on, watch your short term stats. You should see an increase in blocking.
We ran the above for a few weeks without any obvious SEO impact. Then switched our DNS back to normal, moving away from CF.... but kept the $20/month account and our settings in place. CF was time-consuming to set up.
-
This looks very similar to what we are seeing. We took CloudFlare as well - but stayed with Free account with "Site Under Attack" mode, which should force the visits to verify.
Will it be possible for you to share the settings on CloudFlare? Did you use their Firewall as well? Also, did you see any SEO impact, by any chance?
-
One morning, a few months ago we saw lots of mobile phone traffic building. All was hitting our homepage which is very resource intensive. All of this traffic generated one page view. All of the traffic was coming from a few countries in Asia and Africa. No referrer. Looked like a DDOS attack.
We go to Cloudflare, got a $20/month account, switched DNS to CF, forced untrusted visits from those countries to verify before allowing entry. Squeezed this traffic down to almost nothing within a few hours. Left CF run for a few weeks. Rouge traffic disappeared.
Now we have CF ready to go with all settings in place. Can turn it on in two minutes and have the shield in place as DNS propagates.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Site Migration Question - Do I Need to Preserve Links in Main Menu to Preserve Traffic or Can I Simply Link to on Each Page?
Hi There We are currently redesigning the following site https://tinyurl.com/y37ndjpn The local pages links in the main menu do provide organic search traffic. In order to preserve this traffic, would be wise to preserve these links in the main menu? Or could we have a secondary menu list (perhaps in the header or footer), featured on every page, which links to these pages? Many Thanks In Advance for Responses
Intermediate & Advanced SEO | | ruislip180 -
Do I need to put the company name in the SEO Title box in Yoast?
I am optimizing Title Tags for a WP site. I am getting ready to add keywords to the Yoast SEO. I noticed the long company name is currently the Title Tag - I choose 2-3 keyword phases per page- what do I do with the long business name? In my own site I can post up 70 characters of keywords in the Title box and my company name appears after a pipe in the browser with my the keywords ahead of it? As Follow on my Site: Title, Tilte, Title - Company Name. Thank you! Joe
Intermediate & Advanced SEO | | Joseph.Lusso1 -
Merging Two Unrelated Sites into a Third Site
We have a new client interested in possibly merging 2 sites into one under the brand of a new parent company. Here's a breakdown of the scenario..... BrandA.com sells a variety of B2B widget-services via their online store. BrandB.com sells a variety of B2B thing-a-majig products and services (some of them large in size) not sold through an online store. These are sold more consultatively via a sales team. The new parent company, BrandA-B.com is considering combining the two sites under the new brand parent company domain. The Widget-services and Thing-A-Majigs have very little similarity or purchase crossover; so just because you're interested in one doesn't make you a good candidate for the other. We feel pretty confident that we can round-up all the necessary pages and inbound links to do proper transitioning to a new, separate third domain though we're not in agreement that this is the best course of action. Currently the individual brand sites are fairly well known in their industry and each ranks fairly well for a variety of important terms though there is room for improvement and each site has good links with the exception of the new site which has considerably fewer. BrandA.com DA = 73 - 19 years old
Intermediate & Advanced SEO | | OPM
BrandB.com DA = 55 - 18 years old
BrandA-B.com DA = 40 - 1 year old Our SEO team members have opinions on what the potential outcome(s) of this would be but are wondering what the community here thinks. Will the combining of the sites cause a dilution of the topics of the two sites and hurt rankings? Will the combining of the domain authority help one set part of the business but hurt the other? What do you think? What would you do?0 -
Any SEO penalties for hosting a site on a sub-domain.
Hi, A client of ours has previously been hosting their main website on a sub-domain of their primary URL. They currently have a training application being hosted on the main domain. They also currently have a redirect in place so when you go to www.xzy.com, you're redirected to xzy.xzy.com. If need need to stick with this set-up for the website relaunch later this month, my question is: are there any SEO drawbacks to having the entire site hosted on a sub-domain? Should we fight to get the training application off the main domain, at which point we can host everything on the main domain? Many thanks! Dan
Intermediate & Advanced SEO | | ThisisPlanB0 -
Why are these sites outranking me?
I am trying to rank for the phrase "a link between worlds walkthrough" I am on page 1 but there are several results that just outranks me and I cannot see any reason that they would be doing so. My site is hiddentriforce.com/a-link-between-worlds/walkthrough/ For that page I have 5 linking domains, varied anchor text that spans from things like "here" to a variety of related phrases. All of the links come from really good sites My page has 1400 likes, 90 shares, and about 20 each in tweets and +'s DA of 44 PA of 37 The 4 and 5 ranked sites both have WAY less social interactions, lower PA and DA, less links, etc Yet they outrank me why?
Intermediate & Advanced SEO | | Atomicx0 -
Will pages irrelevant to a site's core content dilute SEO value of core pages?
We have a website with around 40 product pages. We also have around 300 pages with individual ingredients used for the products and on top of that we have some 400 pages of individual retailers which stock the products. Ingredient pages have same basic short info about the ingredients and the retail pages just have the retailer name, adress and content details. Question is, should I add noindex to all the ingredient and or retailer pages so that the focus is entirely on the product pages? Thanks for you help!
Intermediate & Advanced SEO | | ArchMedia0 -
Large Site SEO - Dev Issue Forcing URL Change - 301, 302, Block, What To Do?
Hola, Thanks in advance for reading and trying to help me out. A client of mine recently created a large scale company directory (500k+ pages) in Drupal v6 while the "marketing" type pages of their site was still in manual hard-coded HTML. They redesigned their "marketing" pages, but used Drual v7. They're now experiencing server conflicts with both instances of Drupal not allowing them to communicate/be on the same server. Eventually the directory will be upgraded to Drupal v7, but could take weeks to months the client does not want to wait for the re-launch. The client wants to push the new marketing site live, but also does not want to ruin the overall SEO value of the directory and have a few options, but I'm looking to help guide them down the path of least resistance: Option 1: Move the company directory onto a subdomain and the "marketing site" on the www. subdomain. Client gets to push their redesign live, but large scale 301s to the directory cause major issues in terms of shaking up the structure of the site causing ripple effects into getting pulled out of the index for days to weeks. Rankings and traffic drop, subdomain authority gets lost and the company directory health looks bad for weeks to months. However, 301 maintains partial SEO value and some long tail traffic still exists. Once the directory gets moved to Drupal v7, the directory will then cancel the 301 to the subdomain and revert back to original www. subdomain URLs Option 2: Block the company directory from search engines with robots.txt and meta instructions, essentially cutting off the floodgates from the established marketing pages. No major scaling 301 ripple effect, directory takes a few weeks to filter out of the index, traffic is completely lost, however once drupal v7 gets upgraded and the directory is then re-opened, directory will then slowly gain back SEO value to get close to old rankings, traffic, etc. Option 3: 302 redirect? Lose all accumulate SEO value temporarily... hmm Option 4: Something else? As you can see, this is not an ideal situation. However, a decision has to be made and I'm looking to chose the lesser of evils. Any help is greatly appreciated. Thanks again -Chris
Intermediate & Advanced SEO | | Bacon0 -
Questions about turning my wordpress site into an ecommerce site. Experience needed.
I have a wordpress site that is about a product that is now getting some great traffic. Right now It has affiliate stuff on it. I want to sell my own product so I will be turning this wordpress site into an ecommerce site. I want to redesign it so I am not looking for simple plugins to just add a cart. The part I am really confused about is what to do with my posts and categories? How does that work when turning this site into an ecommerce site? Lets say the site is "hats for adults" My post pages are things like "funny hats for adults", "hats for adult men" etc etc. Would I turn these posts pages into like category pages that have a category of products. Or should I create real categories and have my developer turn those into the ecommerce category pages and then redirect my posts to those categories? Maybe I don't even know what I am talking about. Is this even making sense? This is a small site (5posts and 1 category) and most of the traffic will come from the homepage keywords anyways.
Intermediate & Advanced SEO | | PEnterprises0