Site under attack from Android SEO bots - expert help needed
-
For last 25 days, we are facing a weird attack on our site.
We are getting 10x the normal mobile traffic - all from Android, searching for our name specifically. We are sure that this is not authentic traffic as the traffic is coming from Organic searches and bouncing off. Initially, we thought this was a DDoS attack, but that does not seem to be the case.
It looks like someone is trying to damage our Google reputation by performing too many searches and bouncing off.
Has any one else faced a similar issue before? What can be done to mitigate the impact on site.
(FYI - we get ~2M visits month on month, 80% from Google organic searches). Any help would be highly appreciated.
-
Just as EGOL describe it.
If you're on Amazon AWS then you can use their CloudFront as CDN. But also you can observe source of traffic. Could coming from one country, one IP range or one user-agent. There should be some kind of pattern and you should investigate it.
Then just need to make rule to block that traffic or just redirect them to one static "hello world" page.
I was also victim of such traffic, but was from humans trying to depleting an AdWords daily budget. Once budget it over ads was stopped showing, after few hours they recalculate clicks, some funds was returned, ads are shown again, they click it, budget is over... and so on.
-
By resetting your DNS to CF, your server is no longer used. All traffic is routed to one of CF's data centers and there are over 100 of them distributed throughout the world.
Also, in the CF settings, you want to "challenge" the visitors from problem countries. This will give them a captcha to complete. When they complete that captcha one time, you can then give them long term access without the challenge. CF will progressively become better at filtering the bots and allowing more trusted visitors in without a challenge.
-
Thanks for your help - this works to a large degree.
Have hit a new challenge though, our AWS servers are in one of these countries which are sending traffic. And we have multiple servers talking to each other enabling Login / other actions on the site.
While I have blocked all the other countries, blocking country with AWS servers is creating problem with Login. Trying to figure this out!
-
If you don't use Firewall, Cloudflare in your situation will have almost no effect.
We used our analytics to determine the countries where the traffic was coming from. Then went into CF FW.
Click the blue Help link for each tool to decide upon the settings that you want to try.
Here is what we used....
Security Level... Medium
Challenge Passage... one day
Access rules.... country name, challenge, this website
Impact of the above.... Many bots already recognized by CF will be blocked. Access rules will present each visitor from those countries a form similar to a captcha. They must pass the captcha to get in.
After you turn this on, watch your short term stats. You should see an increase in blocking.
We ran the above for a few weeks without any obvious SEO impact. Then switched our DNS back to normal, moving away from CF.... but kept the $20/month account and our settings in place. CF was time-consuming to set up.
-
This looks very similar to what we are seeing. We took CloudFlare as well - but stayed with Free account with "Site Under Attack" mode, which should force the visits to verify.
Will it be possible for you to share the settings on CloudFlare? Did you use their Firewall as well? Also, did you see any SEO impact, by any chance?
-
One morning, a few months ago we saw lots of mobile phone traffic building. All was hitting our homepage which is very resource intensive. All of this traffic generated one page view. All of the traffic was coming from a few countries in Asia and Africa. No referrer. Looked like a DDOS attack.
We go to Cloudflare, got a $20/month account, switched DNS to CF, forced untrusted visits from those countries to verify before allowing entry. Squeezed this traffic down to almost nothing within a few hours. Left CF run for a few weeks. Rouge traffic disappeared.
Now we have CF ready to go with all settings in place. Can turn it on in two minutes and have the shield in place as DNS propagates.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Urgent help needed for site move with major ranking loss
URGENT HELP/ADVICE NEEDED I am so stressed and worried about my website domain change. I desperately need advice as soon as possible. I will try my best to keep this as brief as possible. I have owned and operated my punk clothing business online at the URL toofastonline.com for 15 years now. And for a long long time we ranked #1 for punk clothing on Google & life was good. However, thanks to the arrival of several cheap marketplaces and other unanticipated changes our ranking dropped considerably. The last few years have been extremely hard on us, to say the least, we came really close to losing the business altogether. But finally after lots of hard work & long hours, things started to improve. Ranking went back up, and we were busy again. I had been toying with the idea of buying the domain TooFast.com for about 10 years, but I never had the money to do it until this now, so I made the leap and as of Jan 9, toofastonline.com became toofast.com. Unfortunately, I now know that I set up the domain change hastily, without doing any of the pre-work Google suggests to do. I didn’t know it then but I did it wrong. And our site which wasranking #7 for punk clothing on Jan. 8th is now number 51 and today is only Jan 24th! I AM PANICKING. I have looked for help, posting jobs on Shopify Experts site several times now, opening accounts with MOZ and SEM Rush, spending countless hours on the phone with GoDaddy, Shopify and even long chats with Google. I have spent all day everyday for the past two weeks trying fix everything to no avail. No one can start on my site issues fast enough. And I have been given so much wrong information that I feel like I have done irreparable damage. I was (am) not qualified to make this kind of a site change alone. Too much was done too fast and without any real working knowledge Google SEO. My brother was the SEO guy and since he left the business I have just been struggling along with it, just trying to keep my head above water. So now for the big question: Should I temporarily change my Shopify stores domain back to toofastonline.com? This way I couldstart at the beginning, fix all the 404 redirects, fix the 301 redirects, clean up code, get the site in top working condition, and then, as Google suggests in theirGoogle Search Console Change of Address Toolstart to do the change of address in small sections, I can not afford to make any more reckless decisions. I have started and stopped, updated, fixed, changed and tried to fix again too many times now. I dont want Google to think I am trying something shady.. I’m not, I just don’t know what I’m doing, and I need help. Here is as much info as I can think of, I am more than willing to pay for help or do the work myself, as long as what I am doing is the right thing. Any and all help/advice/offers are welcome! Maureen CONTACT DETAILS: NAME: Maureen Keough, Owner EM:<a style="-webkit-text-size-adjust: 100%;">Maureen@TooFast.com</a> PH: 856-599-1675 (W) DETAILS OF OUR SET-UP THE APPS & SERVICES WE USE: Google Admin / G-Suite User Gmail for emails Godaddy holds our domains Shopify hosts our storefront. My Shopify store was located at TooFastOnline.com for about 5 years Our Domain Changed From toofastonline.com to toofast.com on Jan 9 In Godaddy both toofastonline.com is being forwarded to toofast.com In Shopify I added toofast.com, made it my primary domain, but left toofastonline.com in there but it is just redirecting to toofast.com. STEPS TAKEN TO CHANGE | ADD | VERIFY THE NEW DOMAIN GoDaddy DNS Records Both Sites - Updated Pointing to Shopify’s IP Address GoDaddy Subdomains For TooFastOnline.com - Redirected But Causing SSL/HTTPS/Privacy errors GoDaddy Subdomains For TooFast.com - Added But Causing SSL/HTTPS/Privacy errors Google Admin - Updated Gmail MX Records TooFast - Added and Updated Gmail MX Records TooFastOnline - Unchanged Google Merchant Center - Updated TooFastOnline is now TooFast Google Merchant Product Feed- Updated TooFastOnline is now TooFast Google Ads - Finally got the New Feed Approved and It is Working Google Search Console - Updated I Think Sitemaps - Added and Asked To Crawl Google Analytics Added TooFast As A Property Seems To Be Working Google Analytics Tag Updated in Shopify Admin Google Search Console - Requested to Move TooFastOnline.com to TooFast.com, still not done. No Redirects were made prior to the “Move” All Social Media Channels Links were Updated By Us Mailerlite MX Records For Bulk Emails - Updated/Verified
Intermediate & Advanced SEO | | TooFast130 -
Help, no organic traffic recovery after new site launch (it's been 6 months)!
I worked with a team of developers to launch a new site back in March. I was (and still am) in charge of SEO for the site, including combining 4 sites into 1. I made sure 301 redirects were in place to combine the sites and pretty much every SEO tactic I can think of to make sure the site would maintain rankings following launch. However, here we are 6 months later and YoY numbers are down -70% on average for organic traffic. Anyone mind taking a look at http://www.guestguidepublications.com and seeing if there's a glaring mistake I'm missing?!?!?! Thanks ahead of time!
Intermediate & Advanced SEO | | Annapurna-Digital1 -
What do you think about SEO of big sites ?
Hi, I was doing some research of new huge sites for example carstory.com that have over million pages and i notice that many new sites have strong growing for number of keywords and then at some point everything start going down (Image of traffic drop attached) there are no major updates at this time but you can clearly see even on recent kewyords changes that this site start loosing keywords every day , so number of new keywords are much less that lost keywords. How would you explain it ? Is that at some point when site have more than X number of indexed pages then power of domain is not enough to keep all of them at the top and those keywords start dropping ? Please share you opinion and if you have any experience by yourself with huge sites. Thank You very appreciated 2LC3AxE
Intermediate & Advanced SEO | | logoderivv0 -
Site Migration and Traffic Help!
Hi Moz, I recently migrated my website with the help of an SEO company using 301 redirects. The reason for the move was to change our CMS from .aspx to Drupal/Wordpress. The homepage (www.shiftins.com) and the blog (www.shiftins.com/blog) were the only two pages that kept the same url. Everything else was redirected. It's been about two months since the redirects were completed and traffic has dropped off about 90%. I'm starting to worry that something was not done properly and my traffic may never return. The process for the redirects seem correct when I checked the work the SEO company did. All pages were duplicated, redirected to individual pages, then the old pages were de-indexed. Are there any insights the community can provide? Please help!
Intermediate & Advanced SEO | | shictins1 -
Does blocking foreign country IP traffic to site, hurt my SEO / US Google rankings?
I have a website is is only of interest to US visitors. 99% (at least) of Adsense income is from the US. But I'm getting constant attempts by hackers to login to my admin account. I have countermeasures fo combat that and am initiating others. But here's my question: I am considering not allowing any non US, or at least any non-North American, traffic to the site via a Wordpress plugin that does this. I know it will not affect my business negatively, directly. However, are there any ramifications of the Google bots of these blocked countries not being able to access my site? Does it affect the rankings of my site in the US Google searches. At the very least I could block China, Russia and some eastern European countries.
Intermediate & Advanced SEO | | bizzer0 -
Moving career site to new URL from main site. Will it hurt SEO for main page?
For one of our clients we are building a career site and putting it under a different URL and hosting service (mainly due to security concerns of hosting it under the same host and domain). almost 100% of the incoming traffic to their current career section (which it is in a sub-folder) receives traffic for branded keywords (brand + job/career/employment), that is, there are no job position specific keywords. The client is now worried that after moving the site, the inbound traffic to the main site will be severely affected as well as the SERP results. My questions are, will the non-career related SERPs be affected? I don't see how will they be but I could be wrong If no, how could we reassure her that the SEO to the main site wont be affected? are there any case studies of a similar case (splitting part of the website under a new URL and hosting service?) Thank you for your help. PS: this is my first post so please forgive me if this has been asked before. I could not find a good response.
Intermediate & Advanced SEO | | rflores0 -
Site migration from non canonicalized site
Hi Mozzers - I'm working on a site migration from a non-canonicalized site - I am wondering about the best way to deal with that - should I ask them to canonicalize prior to migration? Many thanks.
Intermediate & Advanced SEO | | McTaggart0 -
Multinational SEO
Hi all The situation: We have a .com website that is the core of our business over the last 3 years we have built this into a very sucessful brand. Customers are able to purchase products from our website and have it delivered anywhere in the world. As part of the development of our business we want to obviously rank high within serps regardless of what country our potential customer is from. We understand that we will need to translate much of our website to achieve this and that is something that we have in the pipeline. My question is more aimed at the English speaking countries and how we should optimise our website for these. For example: websitename.com.au and websitename.co.uk were initialy setup as 301 redirects to websitename.com, however, we have now set them up as their own domains which display the exact same content as the .com website. So to clarify the content on websitename.com/product1.html is also on websitename.com.au/product1.html and websitename.co.uk/product1.html What would the best way to ensure that our .com.au and .co.uk gain traction within the appropriate country? Is duplicate content still an issue? All our prices are displayed in USD will this go againts? We use US English (with a sprinkle of chinglish) as our websites copy languange should we change spelling for AU and UK? Does anyone have any case studies and or other reports I can read that may help me find the right solution for us. Thanks Danny
Intermediate & Advanced SEO | | DannyCarter0