Malicious bot attack?
-
Several of our websites have experienced a major direct load traffic spike in the last 30 days - roughly 40K new visitors for each site. The bots are emulating IE9 and appear to be hitting our home page and bouncing 100% of the time. The traffic is double our usual volume, or more. Our bounce rates, conversion rate, page views, etc have suffered accordingly. The volume hasn't affected site performance, yet.
Since the traffic is direct load, I can't see this being a negative SEO attack. Plus, our search visibility for everything but our brands is abysmal - there aren't any real rankings to tank.
Our engineers are saying that the IP addresses are diverse, and they aren't seeing any pattern. I also checked GA for traffic locations, and we aren't seeing anything unusual from overseas.It appears that the attack is US based.
Has anyone seen this before?
-
I have been experiencing this on my site as well. Just curious if you were still receiving this kind of traffic since it has been a few months?
Recently there have been one or two times throughout the day where I see a huge spike in direct traffic. As you mentioned, the GA numbers seem to suffer but as long as this does not impact my rankings or site performance I'm not too worried. I too am concerned that this is more than just an annoyance and possibly reason for concern.
I've had other sites show up on GA as sending tons of referral traffic and figured it was just spam, but not sure of the benefit to a spammer of sending ghost direct traffic unless it is some kind of negative SEO attack. Would love to find out.
-
try
http://sucuri.net/website-firewall/
or
Stop bot attack resulting in a more secure website. Stop bots
-
Google analytics has issue with ghost referrals and find out what the referral name is parking in the block it in GA
UA numbers ending in two and three are not effected for some reason
You're hosting company can update software in order to make this stop
hope this helps
Tom
-
I would strongly recommend Cloudflare to address this type of problem. They have massive data on malicious sources and offer tools to mitigate attacks like you're facing.
-
Have you tried digging deeper into the type of browser and OS they're emulating? Chances are you could get a pretty precise block on just their activity if you match up their browser, screen dimension, OS, versions, etc without affecting any other users.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Malicious backlinks
Hello to everyone! We have identified some weird links that are pointing to our site and we are not sure if they are considered malicious backlinks and we should disavow them. Most of them are directories of websites, the most common one is called "Top million domains by alexa" (you can see an example here: www.besafe.in/domain-list-237). Have you ever seen these kind of links before? Are they causing harm to our site? Thank you so much!
White Hat / Black Hat SEO | | xaviplabor0 -
Massive Spam attack against my domain - automate disvow of tld?
We've been getting hundreds of new links from unique domains every day - all the domains follow a pattern like this: www.someword-1f4163e1.space/wiki/Someterm Hundreds... every day. What techniques exist to deal with a prolonged negative seo attack of this type. By the time we can detect and disvow, the damage is done.
White Hat / Black Hat SEO | | sonar0 -
Cloaking/Malicious Code
Does anybody have any experience with software for identifying this sort of thing? I was informed by a team we are working with that our website may have been compromised and I wanted to know what programs people have used to identify cloaking attempts and/or bad code. Thanks everybody!
White Hat / Black Hat SEO | | HashtagHustler0 -
Spamlink attack wat to do
Since today we had a spamlink attack. Just 150 dirty links in one morning and probably more to follow. Last year we also had an attack and we used the disalow. But this domain had a much stronger histrory and a PR of 6. The new domain has an authority (DA36) and PR1. The domain is very valuable and we rank on page on one of the most competitive words. Should I use the disalow tool, or just hope that the spam links don't hurt my ranking. I have some (150) valuable incoming links. Example of bad link: http://lamevabarcelona.com/una-exposicio-ens-guia-per-barcelona/dscn0756/ I think X Rumer/ pingback is used. I hope somebody can help us with this.
White Hat / Black Hat SEO | | remkoallertz0 -
Being Link Attacked - Should I worry?
Hey, Hope everyone is well. Just a quick question. I hope to get an answer from Google officially (I've asked in their webmaster forums area) but any experience or opinions from the community here would be great. I noticed recently that our site started to get thousands of links from comments in random blogs from all across the web. This is nothing to do with us as we don't "build links". I can only assume it is a competitor trying to get our site hit by the algorithm for a particular search term, as all the anchor text (I estimate about 1,800 links with this anchor text) point to one page on our site that is ranking for that term. I recently removed the website from webmaster tools and re added, due to an unrelated issue about the a video rich snippet not updating, and all the links have just popped up today on there. Is this something I need to worry about? and should I start collecting all these domains and using the disavow tool to block the whole domain of these sites with the comments (some of them seem like genuine sites). There seem to be new ones everyday and it looks to be an ongoing attack as well. Thanks in advance!
White Hat / Black Hat SEO | | JonathanRolande0 -
Black Hat Attack! Seeking Help
Hello, For the first time, I think my site has been the victim of a black hat (spam) attack 😞 I have a blog in a competitive niche and my rankings suddenly dropped (from top 3 to top 20). A quick peek at my latest backlinks using Open Site Explorer "Just Discovered" revealed some nasty looking comment spam links with my target keywords posted recently. Of course, I haven't hired anyone to post such links and I haven't done it myself. So my only guess is that a competitor has been generous enough to invest on spamming my site. Questions: 1. How can I confirm if this is in fact a spam attack? 2. Should I worry about this? 3. If so, what is the best way to go about this? Would appreciate any thoughts on this. Thanks in advance! Howard
White Hat / Black Hat SEO | | howardd1 -
Web virus attack every second
Hello my wordpress has been constantly attacked every day, files were uploaded and redirections were made to others websites. I instaled sucruri pluggin paying the annual fee, and no result. They keep acessing the web. And i uploading backup security. Know i have instaled OSE wp firewall and seems that they are getting more dificulty accessing and uploading files. But still sending like 40 attacks every day. Is ther any way to stop this? were is some information of the blocked attacks LOGTIME: 2013-02-22 10:58:01 FROM IP: http://whois.domaintools.com/27.153.210.183 REFERRER: http://www.propdental.com/index.php?option=com_registration&task=register LOGTIME: 2013-02-22 10:52:09 FROM IP: http://whois.domaintools.com/2a00:1d70:c01c::69:61 URI: http://www.propdental.com/video//wp-admin.php FROM IP 40 attacks this ip every two seconds: http://whois.domaintools.com/2a00:1d70:c01c::69:61 URI: http://www.propdental.com/video//wp-admin.php ACTION: Blocked LOGTIME: 2013-02-22 10:49:10 FROM IP: http://whois.domaintools.com/103.31.186.82 URI: http://www.propdental.com/ METHOD: GET LOGTIME: 2013-02-22 10:37:10 FROM IP: http://whois.domaintools.com/120.43.11.251 URI: http://www.propdental.com/blog/tag/carillas-de-porcelana-cerinate METHOD: GET USERAGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11 REFERRER: http://www.propdental.com/blog/tag/carillas-de-porcelana-cerinate ACTION: Blocked LOGTIME: 2013-02-22 10:28:52 FROM IP: http://whois.domaintools.com/36.251.43.51 URI: http://www.propdental.com/ METHOD: GET USERAGENT: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4 REFERRER: http://www.buyclassybags.com/
White Hat / Black Hat SEO | | maestrosonrisas0 -
Yahoo Slurp Bot 3.0 Going Crazy
On one of our sites, since the Summer, Yahoo Slurp bot has been crawling our pages at about 5 times a minute. We have put a crawl delay on it and it does not respect our robots.txt. Now the issue is it's triggering javascript (which bots shouldn't) triggering our adsense, ad server, analytics information, etc. We've thought of banning the bot all together but get a good amount of Yahoo traffic. We've though about programmatic-ly not showing the javascript (ad + analytic) tags but are slightly afraid the Yahoo might consider this cloaking. What are the best practices to deal with this bad bot.
White Hat / Black Hat SEO | | tony-755340