Results 1 to 19 of 19

Thread: Weird traffic

  1. #1
    dannyx is offline Public Member
    Join Date
    November 2019
    Posts
    657
    Thanks
    129
    Thanked 167 Times in 134 Posts

    Default Weird traffic

    Maybe someone has a similar problem.

    I have been having a daily increase of about 100% direct traffic for several days. Always the same. A fair amount of increasing traffic, however, too low to be something like DDOS.

    -IOS Chrome Mobile
    - Different countries from different continents
    - Always mobile
    - A visit always equals 9-11 pages visited (but each visit from a country is kind of separate) So each one counts as unique
    - And so, for example, will enter 10 countries with 10 pages each, that's 100 page views
    - I looked at the recordings, it looks like the page is scrolled once half once a little once all the way through, sometimes back, sometimes not.
    - zero clicks

    It is known that these are bots, I use Wordfence Premium, it usually works perfectly.
    I installed Blackhole Bad Bots but it also did not deal with it. Microsoft also does not recognize it as bots.

    Has anyone encountered this kind of unwanted traffic on the site?

  2. #2
    baldidiot is offline Private Member
    Join Date
    January 2010
    Posts
    4,969
    Thanks
    426
    Thanked 2,270 Times in 1,509 Posts

    Default

    Scraping your site maybe? Could just be a bot up to bot things.

    I think blackhole bad bots mainly uses a honey trap to identify bots doesn't it? If so then it'll only catch bots that are crawling it. If it's a bot that's crawling pages based on your sitemap then I don't think it would trigger it (but happy to be corrected if that's not the case).

    Also if they're using clean proxies then things like wordfence etc.. won't necessarily have them in their block lists.

    What's the time frame between the page views from the same IP? If it's quick you could throttle the connection.
    onlinegamblingwebsites.com - Formally known as goodbonusguide.

    Gambling Domains: Small clear out of some of the domains we've been hoarding on Dan - see the list here. Prices negotiable, and willing to swap for decent links.

  3. The Following User Says Thank You to baldidiot For This Useful Post:

    dannyx (5 April 2024)

  4. #3
    wonderpunter's Avatar
    wonderpunter is offline Private Member
    Join Date
    August 2013
    Posts
    3,038
    Blog Entries
    5
    Thanks
    412
    Thanked 1,854 Times in 1,138 Posts

    Default

    most likley ai bot scraping your site


  5. #4
    dannyx is offline Public Member
    Join Date
    November 2019
    Posts
    657
    Thanks
    129
    Thanked 167 Times in 134 Posts

    Default

    Thanks,

    Not the same IPs

    The rule is:
    He enters a page, for example, the main BOT from the IP of Austria after which he goes as if to the next page from another IP also from Austria.

    And in parallel with this Austrian bot, others enter, for example Ukraine, Russia, Switzerland, Vietnam, Thailand and others. Performing the same thing. 10 IPs for each country and 9-10 sites visited.

    Scraping site, do you mean copying? I also think there is such a possibility, I was afraid of it from the beginning and wanted to gain some authority in my niche so that copying would not destroy a young site. At the moment I have some authority and it seems to me that it is enough to not have a problem with it even if it was copying. Although as you know there is a lot of junk in the search engine now, but hope that after the update there will be no more of this.
    Against this is that they visit about 20% of the pages, leaving out some good ones.


    I will wait to see how the situation develops, whether this traffic will disappear in the near future.

    I was also thinking of temporarily blocking a few countries 5-10 of those that are most frequent.

    Or use cloudflare, however it always slowed down my sites( it's weird but I had a few approaches, with the free version)The paid version might be better? Nothing is written about increased performance on their site, or I have not found.

  6. #5
    chaumi is offline Private Member
    Join Date
    October 2013
    Location
    East Midlands
    Posts
    1,499
    Thanks
    502
    Thanked 774 Times in 567 Posts

    Default

    Last couple of days I'm seeing exactly what you're seeing Danny. It's happened in the past, too. Regularly, once a week up to a few months ago. But just died away and now back with a vengeance.

    I never worked out yet exactly what it was, but some form of scraping does seem favorite.

  7. #6
    TheGooner's Avatar
    TheGooner is offline Private Member
    Join Date
    March 2007
    Location
    New Zealand
    Posts
    4,443
    Thanks
    2,055
    Thanked 4,418 Times in 2,106 Posts

    Default

    What is the ip addresses - and which hosting service does that relate to ?
    You can use this to help :
    https://myip.ms/info/whois/

    I don't bother tracking page visits but I do track affiliate clicks. I get regular batches of worldwide visits over a 1-3 minute burst.
    Whenever I look them up it's always just giant server farms

  8. The Following User Says Thank You to TheGooner For This Useful Post:

    dannyx (5 April 2024)

  9. #7
    dannyx is offline Public Member
    Join Date
    November 2019
    Posts
    657
    Thanks
    129
    Thanked 167 Times in 134 Posts

    Default

    Chaumi - at my place it is the first time of this type of bot visits. You have the same and you don't see any negative effects? then I guess I can be calm.

    Gooner - the IP theoretically shows as human but you know it is not so. Although I haven't checked much. Currently I no longer have the ability to check IPs in the software I use to track traffic, so I do it in cpanel, and there I have already confused which IPs of these bots with other requests. Especially since they vary from one to another.

    The only action I took was in the Wordfence options I reduced the number of requests for human and robot visits per minute. To safe according to Wordfence values of 120.

  10. #8
    newcustomeroffer is online now Public Member
    Join Date
    January 2018
    Location
    United Kingdom
    Posts
    889
    Thanks
    135
    Thanked 387 Times in 296 Posts

    Default

    If you're using wordpress then you can configure the Defender Pro plugin to lock out and notify you of IPs that are continually trying to access pages that result in a 404, i.e. they're fishing for vulnerabilities.
    For the latest bookmaker new customer offers visit https://www.newcustomeroffer.co.uk/

  11. #9
    chaumi is offline Private Member
    Join Date
    October 2013
    Location
    East Midlands
    Posts
    1,499
    Thanks
    502
    Thanked 774 Times in 567 Posts

    Default

    Quote Originally Posted by dannyx View Post
    Chaumi - at my place it is the first time of this type of bot visits. You have the same and you don't see any negative effects? then I guess I can be calm.
    Well, I've not seen any obvious negative effects. And it started well over a year ago.

    But you do have to recognize the potential negative effects. For example....hundreds of page hits in a day with no real user interaction - the algorithm(s) could well see that as 'lot's of users hitting the site and not finding what they want' - and ultimately dropping the pages.

    Then again, if the traffic is visible, getting bursts of traffic might be seen as a positive signal.

    In summary, I really don't know

    I don't get enough traffic overall for it to balloon into a bandwidth problem, but for anyone with 'real' high traffic volumes, I guess it has more potential to cause unwanted outcomes.

  12. The Following User Says Thank You to chaumi For This Useful Post:

    dannyx (5 April 2024)

  13. #10
    worthy is offline Private Member
    Join Date
    September 2004
    Location
    Europe
    Posts
    190
    Thanks
    97
    Thanked 36 Times in 18 Posts

    Default

    I got the same type of traffic for a few days. A session of 10 page visit in 1 or two minutes from a certain country. Then 3 hours later the same from another country. All different IPs. Same IOS, and the same resolution.

  14. #11
    dannyx is offline Public Member
    Join Date
    November 2019
    Posts
    657
    Thanks
    129
    Thanked 167 Times in 134 Posts

    Default

    Quote Originally Posted by newcustomeroffer View Post
    If you're using wordpress then you can configure the Defender Pro plugin to lock out and notify you of IPs that are continually trying to access pages that result in a 404, i.e. they're fishing for vulnerabilities.
    Wordfence does exactly the same thing. It's just that this traffic isn't treated as bots etc and Defender probably wouldn't block it either. And manually blocking every IP won't work in such a case anyway.


    Chaumi - Just Bounce Rate is 100% from this traffic, each page displayed from a separate IP is.


    For the time being, this traffic has dropped after the Wordefence blocking requests I wrote about earlier. But it's just as well that the bots are starting the weekend on Friday and will be back anyway. Definitely too short to tell if this action worked.

  15. #12
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    31,572
    Thanks
    3,558
    Thanked 8,637 Times in 5,499 Posts

    Default

    Quote Originally Posted by newcustomeroffer View Post
    If you're using wordpress then you can configure the Defender Pro plugin to lock out and notify you of IPs that are continually trying to access pages that result in a 404, i.e. they're fishing for vulnerabilities.
    As Danny mention wordfence can do this also.
    This can also be done with WP Cerber, and with it you can set to be a permanent block or add to block list for a time frame, which you could consider as an option.

    Guessing All In One security also has this function, been a while since I used it.

    This keeps the temporary block list from bloating too much and often some bot traffic (looking for vulnerabilities) will cease after being blocked for a certain time frame.

    Rick
    Universal4

  16. The Following User Says Thank You to universal4 For This Useful Post:

    Cash Bonus (6 April 2024)

  17. #13
    dannyx is offline Public Member
    Join Date
    November 2019
    Posts
    657
    Thanks
    129
    Thanked 167 Times in 134 Posts

    Default

    Since I wrote about Wordfence settings, this traffic has decreased by 80%. That's 1.5 days, but the trend was upward movement of these bots, now it has dropped sharply. I don't prejudge whether it worked or whether the bots will return.

    Wordfence recognizes that setting 120 rows per minute for human and robots is safe and useful. You can set less 60,30 etc but there is an alert that this can be problematic and 120 is a good global setting. We will see hopefully it will work.

    By the way of the topic. Sometimes it is said safety is never too much. On the other hand, it doesn't make sense to have duplicate solutions, although it's not said that they are duplicate either.
    Usually it's good to have one type of plugin each, one page builder, one optimization plugin and theoretically one security. But are they really?
    Searching forums and blogs, I find different schools and opinions on the subject. How do you guys do it? (Of course, security is not only plugins but also 100 other issues from the backend, but we are talking about plugins now)
    I'm wondering whether to uninstall the lauded Blachole bad bots plugin and Jeff Starr's bbq firewall which are getting great reviews, having Wordfence. I see that these plugins are lightweight, they do not load the site. Or can I leave it and somehow these plugins complement each other.

  18. The Following User Says Thank You to dannyx For This Useful Post:

    universal4 (6 April 2024)

  19. #14
    chaumi is offline Private Member
    Join Date
    October 2013
    Location
    East Midlands
    Posts
    1,499
    Thanks
    502
    Thanked 774 Times in 567 Posts

    Default

    My rubbish traffic dried up yesterday, around mid afternoon. That's what normally happens, though this time it was a lot more hits over a longer timeframe than in the past. If it's back to how it was about 6 months ago, I expect to see the same around next Thursday.

  20. #15
    dannyx is offline Public Member
    Join Date
    November 2019
    Posts
    657
    Thanks
    129
    Thanked 167 Times in 134 Posts

    Default

    Quote Originally Posted by chaumi View Post
    My rubbish traffic dried up yesterday, around mid afternoon. That's what normally happens, though this time it was a lot more hits over a longer timeframe than in the past. If it's back to how it was about 6 months ago, I expect to see the same around next Thursday.
    That is, it is not due to Wordfence but simply the bots have a break. U less from Tuesday increasing with the highest level on Thursday, on Friday already minimally. If it returns, Tuesday evening or Wednesday morning at the latest it will be visible.

    What level of this traffic do you have on Thursdays?

  21. #16
    chaumi is offline Private Member
    Join Date
    October 2013
    Location
    East Midlands
    Posts
    1,499
    Thanks
    502
    Thanked 774 Times in 567 Posts

    Default

    Quote Originally Posted by dannyx View Post
    What level of this traffic do you have on Thursdays?
    Well this last Thursday I'd say it was around 200 individual 'visits'. In the past, it's been more like between 70 and 100.

  22. The Following User Says Thank You to chaumi For This Useful Post:

    dannyx (7 April 2024)

  23. #17
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    31,572
    Thanks
    3,558
    Thanked 8,637 Times in 5,499 Posts

    Default

    Danny,

    Tough call on whether to remove some of the plugins, although if they overlap function it seems illogical to keep them. You could always disable them temporarily and then study the effects if any. If after a certain time frame you see no reason to enable them, at that point you can decide if keeping them makes sense.

    As for the bots following specific patterns of days. If the same bots are running on the same days or time frames each week, why not block them, if in fact they are not leading to traffic.

    Are they competitors running bots studying your site?
    Are they bots scraping your content? (if #1 is correct #2 is IMO )
    Are they bots by some search engine whether known or not?
    Are they bots search for stolen content like copyscape or others?

    One could argue that they are just link type or seo bots like Moz, Majestic, Ahrefs, Semrush. IMO that fits in to #1 and #2

    Rick
    Universal4

  24. The Following User Says Thank You to universal4 For This Useful Post:

    dannyx (7 April 2024)

  25. #18
    dannyx is offline Public Member
    Join Date
    November 2019
    Posts
    657
    Thanks
    129
    Thanked 167 Times in 134 Posts

    Default

    Quote Originally Posted by chaumi View Post
    Well this last Thursday I'd say it was around 200 individual 'visits'. In the past, it's been more like between 70 and 100.
    This is exactly the same as in my case.


    Universal - as far as I can see, most plugins use the same bot databases, so they block basically the same bots. And on the contrary, they don't block the same ones either. On top of that, I see that Blackhole Bad Bots, for example, does not work with caching. But fact, it's best to do tests.

  26. The Following User Says Thank You to dannyx For This Useful Post:

    universal4 (7 April 2024)

  27. #19
    dannyx is offline Public Member
    Join Date
    November 2019
    Posts
    657
    Thanks
    129
    Thanked 167 Times in 134 Posts

    Default

    Expected more visits from this unwanted traffic, especially on Thursday, fortunately it did not return to my site in this week. How about you, people who had the same thing a week ago.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •