Malicious bot attack?
-
Several of our websites have experienced a major direct load traffic spike in the last 30 days - roughly 40K new visitors for each site. The bots are emulating IE9 and appear to be hitting our home page and bouncing 100% of the time. The traffic is double our usual volume, or more. Our bounce rates, conversion rate, page views, etc have suffered accordingly. The volume hasn't affected site performance, yet.
Since the traffic is direct load, I can't see this being a negative SEO attack. Plus, our search visibility for everything but our brands is abysmal - there aren't any real rankings to tank.
Our engineers are saying that the IP addresses are diverse, and they aren't seeing any pattern. I also checked GA for traffic locations, and we aren't seeing anything unusual from overseas.It appears that the attack is US based.
Has anyone seen this before?
-
I have been experiencing this on my site as well. Just curious if you were still receiving this kind of traffic since it has been a few months?
Recently there have been one or two times throughout the day where I see a huge spike in direct traffic. As you mentioned, the GA numbers seem to suffer but as long as this does not impact my rankings or site performance I'm not too worried. I too am concerned that this is more than just an annoyance and possibly reason for concern.
I've had other sites show up on GA as sending tons of referral traffic and figured it was just spam, but not sure of the benefit to a spammer of sending ghost direct traffic unless it is some kind of negative SEO attack. Would love to find out.
-
try
http://sucuri.net/website-firewall/
or
Stop bot attack resulting in a more secure website. Stop bots
-
Google analytics has issue with ghost referrals and find out what the referral name is parking in the block it in GA
UA numbers ending in two and three are not effected for some reason
You're hosting company can update software in order to make this stop
hope this helps
Tom
-
I would strongly recommend Cloudflare to address this type of problem. They have massive data on malicious sources and offer tools to mitigate attacks like you're facing.
-
Have you tried digging deeper into the type of browser and OS they're emulating? Chances are you could get a pretty precise block on just their activity if you match up their browser, screen dimension, OS, versions, etc without affecting any other users.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Inbound links with malicious anchor text. Negative seo attack
Hi, What to do with more than 300 links with a malicious anchor text that has nothing to do with my content. I am disavowing those links for the last 5 years. Some of them are directed to URLs that have been changed more than 8 years ago. How can I block this malicious behavior? Thanks in advance
White Hat / Black Hat SEO | | Arlinaite470 -
Malicious links on our site indexed by Google but only visible to bots
We've been suffering from some very nasty black hat seo. In Google's index, our pages show external links to various pharmaceutical websites, but our actual live pages don't show them. It seems as though only certain user-agents see the malicious links. Setting up Screaming Frog SEO crawler using the Googlebot user agent also sees the malicious links. Any idea what could have caused this or how this can be stopped? We scanned all files on our webserver and couldn't find any of malicious links. We've changed our FTP and CMS passwords, is there anything else we can do? Thanks in advance!
White Hat / Black Hat SEO | | SEO-Bas0 -
Malicious bots
I was looking at some recommended keywords and felt sick to my stomach when I saw ilovevitaly.com search shell, resellerclub scam and a few more. | 2. | | 28(2.29%)ilovevitaly.com search shell | 0.00% | 0(0.00%) | 42.86% | 1.75 | 00:10:13 | 0.00% | 0(0.00%) | $0.00(0.00%) |
White Hat / Black Hat SEO | | BlueprintMarketing
| | 3. | resellerclub scam | I believe I have found the multiple IP addresses in which they're coming from and when I say many I mean I found 200 or so. There from different C blocks so they're very difficult to block easily without blocking legitimate traffic. I'm using a couple of different web application firewalls with the ability to block it pretty much anything. Does anyone have any device on doing this in a manner that might be more efficient than what I'm doing.I definitely do not want Google to think this is something that I did and penalize somebody this would be horrible. The site is going through Sucuri.net to be cleaned of any possible infection right now I do not know how this happened but zero day attacks are unfortunately a very real reality and unfortunately it could've been 1 million things. Thanks a million guys. I appreciate your help,
Tom0 -
Cloaking/Malicious Code
Does anybody have any experience with software for identifying this sort of thing? I was informed by a team we are working with that our website may have been compromised and I wanted to know what programs people have used to identify cloaking attempts and/or bad code. Thanks everybody!
White Hat / Black Hat SEO | | HashtagHustler0 -
I'm Getting Attacked, What Can I Do?
I recently noticed a jump in my Crawl Errors in Google Webmaster Tools. Upon further investigation I found hundreds of the most spammy web pages I've ever seen pointing to my domain (although all going to 404 errors): http://blurchelsanog1980.blog.com/ http://lenitsky.wordpress.com/ These are all created within the last week. A. What the hell is going on? B. Should I be very concerned? (because they are 404 errors) C. What should my next steps be? Any help would be greatly appreciated.
White Hat / Black Hat SEO | | CleanEdisonInc0 -
Correct way to block search bots momentarily... HTTP 503?
Hi, What is the best way to block googlebot etc momentarily? For example, if I am implementing a programming update to our magento ecommerce platform and am unsure of the results and potential layout/ file changes that may impact SEO (Googlebot continuously spiders our site) How can you block the bots for like 30 mins or so? Thanks
White Hat / Black Hat SEO | | bjs20100 -
Victim of Negative SEO - Can I Redirect the Attacked Page to an External Site?
My site has been a victim of Negative SEO. During the course of 3 weeks, I have received over 3000 new backlinks from 200 referring domains (based on Ahref report). All links are pointing to just 1 page (all other pages within the site are unaffected). I have already disavowed as many links as possible from Ahref report, but is that all I can do? What if I continue to receive bad backlinks? I'm thinking of permanently redirecting the affected page to an external website (a dummy site), and hope that all the juice from the bad backlinks will be transferred to that site. Do you think this would be a good practice? I don't care much about keeping the affected page on my site, but I want to make sure the bad backlinks don't affect the entire site. The bad backlinks started to come in around 3 weeks ago and the rankings haven't been affected yet. The backlinks are targeting one single keyword and are mostly comment backlinks and trackbacks. Would appreciate any suggestions 🙂 Howard
White Hat / Black Hat SEO | | howardd0 -
Is OSE data reliable and removal of malicious inbound links?
I ran a report on my site (www.rentscouter.com) using OSE and it is reporting some very strange inbound links like: anchor text = Megan http://www.newswire.ca/en/releases/mmnr/smr/Paul_Henderson_Interview_Full_Clip_REVISED.f4v?m=pc&a=bookmarkList.view&target_user_id=1&search_type=tag&keyword=蒲田・大森・羽田周辺 http://www.newswire.ca/en/releases/mmnr/smr/Paul_Henderson_Interview_Full_Clip_REVISED.f4v?m=pc&a=bookmarkList.view&target_user_id=1&search_type=tag&keyword=熱闘!甲子園%2F高校野球ゲーム http://www.hawkeyesports.com/photos/schools/stan/sport/m-baskbl/04-05action/Thumbs.db?pages10=10&size=9?pk=1 anchor text = Alexa's Mom http://www.lg.com/it/products/documents/LE8800.epk?action=view&pageId=214&start=69164 http://www.michigan.gov/documents/techtalk/SEM-0601_191695_7.dot?blogname=mahdid&sub=5&tpl=0 anchor text = http://fansofdavid.com/wp-content/uploads/2011/03/4v5sh3k1.htm?seccion=busqarag_s&busq=Huesos&?seccion=basearag_c&id=3&?seccion=busqarag_s&busq=Huesos&?seccion=basearag_c&id=3&_pagi_pg=596 However, none of these seem to show up in my Google Webmaster account. And generally when I go to some of these links I can't find any reference to my site - is the OSE data bad or are these really shady links someone is building to knock down my site? What is showing up in GWT are a bunch of growing crappy links that redirect to some advertising site - does anyone know of a way to get these removed by Google as I doubt I'm going have any luck trying to contact the owner(s) of these sites: |
White Hat / Black Hat SEO | | BoulderJoe
http://harleydavidsonjacket.org/article/252213-best_penis_enlargement_methods.htm |
|http://harleydavidsonjacket.org/article/252426-plumbers_and_gasfitters_needed_urgently.htm |
|http://harleydavidsonjacket.org/article/252451-the_importance_of_plumbers_and_more.htm |
|http://harleydavidsonjacket.org/article/253039-football_betting_systems_can_they_be_profitable.htm |
|http://harleydavidsonjacket.org/article/253131-my_teen_wants_to_know_how_sex_was_and_is_for_me_what_do_i_say.htm |
|http://harleydavidsonjacket.org/article/254364-why_marriage_counseling_is_good_for_you.htm |
|http://harleydavidsonjacket.org/article/254449-herpes_dating_service_what_is_it.htm |
Yes, I know Google will theoretically and maybe eventually "ignore" such links, but that will be on Google time 4 weeks or 4 years - who knows. Plus, with a younger site with a thinner link profile - anything like the links above can't be helping me......
I'm trying to figure out why my site keeps bouncing between #5 and #255 for specific keywords and determining if I have a google penalty which is being discussed in this thread:
http://www.seomoz.org/q/help-with-diagnosing-google-penalty
0