With the end of the month comes the monthly traffic reports for your websites. While going through your site visits you see a spike in numbers. What do you attribute this spike to? A popular new blog post? A viral video? Or has your website been the victim of spiders and bots?
Unfortunately, the bots are the most likely source of your spike in numbers. But how do you tell the difference? There are a few things you can look out for.
- A spike in direct visits
- The landing page is specified only as /
- 1 view per session
- 0 second average session time
- Bounce rate close to 100%
Usually, these bots are coming from a malicious source, but don’t do any/much damage to your site, only skew the data for the monthly report. What these bots are actually trying to do can include credential stuffing, content scraping and spamming.
- Credential Stuffing – A malicious attempt to gain access through login pages by using stolen usernames and passwords. This is done on the assumption that users use the same username and password combination for multiple purposes.
- Content Scraping – Used for downloading data off of the victim website, scraper bots gather all useful information to send back to the hacker to be used for their own benefit. This could be information on optimizing their own SEO, ways to steal organic traffic and to generally make their own projects better than others.
- Spamming – A spamming bot is sent to your site to cause nothing but annoyance and confusion for your data. They will identify themselves as a real user and execute tracking codes to be found by Google Analytics.
There’s only 1 real way to filter out these bots (without risking skewing your data even worse)
Admin > View Settings > Exclude all hits from all known bots and spiders checkbox.
This should exclude bots from future reports, unfortunately the past reports will still include this bot traffic.