Weird traffic

[dannyx]

Maybe someone has a similar problem.

I have been having a daily increase of about 100% direct traffic for several days. Always the same. A fair amount of increasing traffic, however, too low to be something like DDOS.

-IOS Chrome Mobile
- Different countries from different continents
- Always mobile
- A visit always equals 9-11 pages visited (but each visit from a country is kind of separate) So each one counts as unique
- And so, for example, will enter 10 countries with 10 pages each, that's 100 page views
- I looked at the recordings, it looks like the page is scrolled once half once a little once all the way through, sometimes back, sometimes not.
- zero clicks

It is known that these are bots, I use Wordfence Premium, it usually works perfectly.
I installed Blackhole Bad Bots but it also did not deal with it. Microsoft also does not recognize it as bots.

Has anyone encountered this kind of unwanted traffic on the site?

[baldidiot]

Scraping your site maybe? Could just be a bot up to bot things.

I think blackhole bad bots mainly uses a honey trap to identify bots doesn't it? If so then it'll only catch bots that are crawling it. If it's a bot that's crawling pages based on your sitemap then I don't think it would trigger it (but happy to be corrected if that's not the case).

Also if they're using clean proxies then things like wordfence etc.. won't necessarily have them in their block lists.

What's the time frame between the page views from the same IP? If it's quick you could throttle the connection.

[wonderpunter]

most likley ai bot scraping your site

[dannyx]

Thanks,

Not the same IPs

The rule is:
He enters a page, for example, the main BOT from the IP of Austria after which he goes as if to the next page from another IP also from Austria.

And in parallel with this Austrian bot, others enter, for example Ukraine, Russia, Switzerland, Vietnam, Thailand and others. Performing the same thing. 10 IPs for each country and 9-10 sites visited.

Scraping site, do you mean copying? I also think there is such a possibility, I was afraid of it from the beginning and wanted to gain some authority in my niche so that copying would not destroy a young site. At the moment I have some authority and it seems to me that it is enough to not have a problem with it even if it was copying. Although as you know there is a lot of junk in the search engine now, but hope that after the update there will be no more of this.
Against this is that they visit about 20% of the pages, leaving out some good ones.


I will wait to see how the situation develops, whether this traffic will disappear in the near future.

I was also thinking of temporarily blocking a few countries 5-10 of those that are most frequent.

Or use cloudflare, however it always slowed down my sites( it's weird but I had a few approaches, with the free version)The paid version might be better? Nothing is written about increased performance on their site, or I have not found.

[chaumi]

Last couple of days I'm seeing exactly what you're seeing Danny. It's happened in the past, too. Regularly, once a week up to a few months ago. But just died away and now back with a vengeance.

I never worked out yet exactly what it was, but some form of scraping does seem favorite.

[TheGooner]

What is the ip addresses - and which hosting service does that relate to ?
You can use this to help :
https://myip.ms/info/whois/

I don't bother tracking page visits but I do track affiliate clicks. I get regular batches of worldwide visits over a 1-3 minute burst.
Whenever I look them up it's always just giant server farms

[dannyx]

Chaumi - at my place it is the first time of this type of bot visits. You have the same and you don't see any negative effects? then I guess I can be calm.

Gooner - the IP theoretically shows as human but you know it is not so. Although I haven't checked much. Currently I no longer have the ability to check IPs in the software I use to track traffic, so I do it in cpanel, and there I have already confused which IPs of these bots with other requests. Especially since they vary from one to another.

The only action I took was in the Wordfence options I reduced the number of requests for human and robot visits per minute. To safe according to Wordfence values of 120.

[newcustomeroffer]

If you're using wordpress then you can configure the Defender Pro plugin to lock out and notify you of IPs that are continually trying to access pages that result in a 404, i.e. they're fishing for vulnerabilities.

[chaumi]

Chaumi - at my place it is the first time of this type of bot visits. You have the same and you don't see any negative effects? then I guess I can be calm.

Well, I've not seen any obvious negative effects. And it started well over a year ago.

But you do have to recognize the potential negative effects. For example....hundreds of page hits in a day with no real user interaction - the algorithm(s) could well see that as 'lot's of users hitting the site and not finding what they want' - and ultimately dropping the pages.

Then again, if the traffic is visible, getting bursts of traffic might be seen as a positive signal.

In summary, I really don't know

I don't get enough traffic overall for it to balloon into a bandwidth problem, but for anyone with 'real' high traffic volumes, I guess it has more potential to cause unwanted outcomes.

[worthy]

I got the same type of traffic for a few days. A session of 10 page visit in 1 or two minutes from a certain country. Then 3 hours later the same from another country. All different IPs. Same IOS, and the same resolution.

[dannyx]

If you're using wordpress then you can configure the Defender Pro plugin to lock out and notify you of IPs that are continually trying to access pages that result in a 404, i.e. they're fishing for vulnerabilities.

Wordfence does exactly the same thing. It's just that this traffic isn't treated as bots etc and Defender probably wouldn't block it either. And manually blocking every IP won't work in such a case anyway.


Chaumi - Just Bounce Rate is 100% from this traffic, each page displayed from a separate IP is.


For the time being, this traffic has dropped after the Wordefence blocking requests I wrote about earlier. But it's just as well that the bots are starting the weekend on Friday and will be back anyway. Definitely too short to tell if this action worked.

[universal4]

If you're using wordpress then you can configure the Defender Pro plugin to lock out and notify you of IPs that are continually trying to access pages that result in a 404, i.e. they're fishing for vulnerabilities.

As Danny mention wordfence can do this also.
This can also be done with WP Cerber, and with it you can set to be a permanent block or add to block list for a time frame, which you could consider as an option.

Guessing All In One security also has this function, been a while since I used it.

This keeps the temporary block list from bloating too much and often some bot traffic (looking for vulnerabilities) will cease after being blocked for a certain time frame.

Rick
Universal4

[dannyx]

Since I wrote about Wordfence settings, this traffic has decreased by 80%. That's 1.5 days, but the trend was upward movement of these bots, now it has dropped sharply. I don't prejudge whether it worked or whether the bots will return.

Wordfence recognizes that setting 120 rows per minute for human and robots is safe and useful. You can set less 60,30 etc but there is an alert that this can be problematic and 120 is a good global setting. We will see hopefully it will work.

By the way of the topic. Sometimes it is said safety is never too much. On the other hand, it doesn't make sense to have duplicate solutions, although it's not said that they are duplicate either.
Usually it's good to have one type of plugin each, one page builder, one optimization plugin and theoretically one security. But are they really?
Searching forums and blogs, I find different schools and opinions on the subject. How do you guys do it? (Of course, security is not only plugins but also 100 other issues from the backend, but we are talking about plugins now)
I'm wondering whether to uninstall the lauded Blachole bad bots plugin and Jeff Starr's bbq firewall which are getting great reviews, having Wordfence. I see that these plugins are lightweight, they do not load the site. Or can I leave it and somehow these plugins complement each other.

[chaumi]

My rubbish traffic dried up yesterday, around mid afternoon. That's what normally happens, though this time it was a lot more hits over a longer timeframe than in the past. If it's back to how it was about 6 months ago, I expect to see the same around next Thursday.

[dannyx]

My rubbish traffic dried up yesterday, around mid afternoon. That's what normally happens, though this time it was a lot more hits over a longer timeframe than in the past. If it's back to how it was about 6 months ago, I expect to see the same around next Thursday.

That is, it is not due to Wordfence but simply the bots have a break. U less from Tuesday increasing with the highest level on Thursday, on Friday already minimally. If it returns, Tuesday evening or Wednesday morning at the latest it will be visible.

What level of this traffic do you have on Thursdays?

[chaumi]

What level of this traffic do you have on Thursdays?

Well this last Thursday I'd say it was around 200 individual 'visits'. In the past, it's been more like between 70 and 100.

[universal4]

Danny,

Tough call on whether to remove some of the plugins, although if they overlap function it seems illogical to keep them. You could always disable them temporarily and then study the effects if any. If after a certain time frame you see no reason to enable them, at that point you can decide if keeping them makes sense.

As for the bots following specific patterns of days. If the same bots are running on the same days or time frames each week, why not block them, if in fact they are not leading to traffic.

Are they competitors running bots studying your site?
Are they bots scraping your content? (if #1 is correct #2 is IMO )
Are they bots by some search engine whether known or not?
Are they bots search for stolen content like copyscape or others?

One could argue that they are just link type or seo bots like Moz, Majestic, Ahrefs, Semrush. IMO that fits in to #1 and #2

Rick
Universal4

[dannyx]

Well this last Thursday I'd say it was around 200 individual 'visits'. In the past, it's been more like between 70 and 100.

This is exactly the same as in my case.


Universal - as far as I can see, most plugins use the same bot databases, so they block basically the same bots. And on the contrary, they don't block the same ones either. On top of that, I see that Blackhole Bad Bots, for example, does not work with caching. But fact, it's best to do tests.

[dannyx]

Expected more visits from this unwanted traffic, especially on Thursday, fortunately it did not return to my site in this week. How about you, people who had the same thing a week ago.