homepage Welcome to WebmasterWorld Guest from 54.211.235.255
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Unexplained Direct Traffic Increase
Seeing a spike in direct traffic that feels like spam & want to how to stop
AndM488




msg:4690133
 3:28 pm on Jul 23, 2014 (gmt 0)

My site has seen a spike in direct traffic over the past two weeks that I believe is spam - the bounce rate has taken a hit, average page/sessions has dropped and average time on site is nearly half of what other mediums of traffic are.

Using Analytics, I've been able to pin down culprit to for the strange traffic to Internet Explorer Browser Version 7. During this time period, the bounce rate for this browser is in the high 90s, the pages per session is just above 1 ("visit" the home page and then leave), and the time on site is a few seconds. In terms of location, the traffic seems to becoming from all over the US, so I can't tie it back to any one location.

My question is this, have you experienced this before? And what did you do to stop it?

 

Zeni




msg:4690212
 8:13 pm on Jul 23, 2014 (gmt 0)

Hi there.

I have been experiencing the exact same problem since 06 July 2014. It stopped over the last weekend, but since Monday direct traffic has been surging again. Our hosting provider could not help us unfortunately.

I have been looking for answers to stop it, but no luck so far.

not2easy




msg:4690225
 10:01 pm on Jul 23, 2014 (gmt 0)

I would try taking a look at the access logs to see what the traffic has in common. Is it all requesting one page or one image or one file? Are all visits from related IP addresses?

phranque




msg:4690257
 2:47 am on Jul 24, 2014 (gmt 0)

welcome to WebmasterWorld, AndM488!


i would also start looking in the web server access file for clues.
you might consider tracking HTTP Request headers to find patterns in this traffic.

phranque




msg:4690258
 2:53 am on Jul 24, 2014 (gmt 0)

welcome to WebmasterWorld, Zeni!

Zeni




msg:4690362
 2:29 pm on Jul 24, 2014 (gmt 0)

Thanks for the welcome and the help! :)

It's direct traffic hitting our homepage, 3 seconds and gone again. It's from across the US, various Ip addresses, providers and times. It seems to be going up even more (normal traffic is about 100 sessions per day which is now up to 1500 p.d.).
I'll try to get some info if the Ips are somehow related. Could it be malware in Internet Explorer?

dhorning




msg:4690374
 3:13 pm on Jul 24, 2014 (gmt 0)

We're seeing the same spike - Mostly Windows, IE7 users, spread evenly across US cities, insane bounce rate. All of it dropped over the weekend (Friday-Sunday 18-20). It all started July 8th - all of it hitting the homepage. I could ignore it, but want to make sure this isn't an attempted hack or DDoS?

not2easy




msg:4690393
 4:02 pm on Jul 24, 2014 (gmt 0)

Note - this is an oversimplified explanation that may or may not be the precise cause of what you are seeing, just a general observation..
Often this pattern of traffic comes from bot-nets: compromised computers that are remotely tasked for different things like forum spam. The computer owner is not aware their machine is being instructed to do these things. Sometimes sent on 'dry runs' for testing and setup work by the controller. Blame people's lack of awareness and downloading everything FREE they can find.

Direct traffic also comes innocently from browser history and links shared via email. In other words, keep an eye on it and if you are seeing malicious behavior, think about blocking a few individual IPs (for a time, anyway). It all depends what their behavior is whether it is worth the effort when it is hit and run from residential IP addresses. If it is all images in the file requests, think about adding hotlink protection to your domain setup.

aristotle




msg:4690415
 4:55 pm on Jul 24, 2014 (gmt 0)

AndM488 --
not2easy is right. Those aren't real human visitors. So you shouldn't talk about things like direct traffic, bounce rate, and time on site, because all of those are meaningless in this case. The "activities" you're seeing are created artificially by computer programs

AndM488




msg:4690422
 5:39 pm on Jul 24, 2014 (gmt 0)

Thank you for the welcome phranque! And thank you everyone for the help! Before posting, I did quite a bit of reading online and found a couple of pages with questions similar to mine, but there wasn't a lot of information on what the goal of the traffic was, what the effects could be, or how to stop the artificial traffic. It seems that most just let the traffic run its course or just didn't follow up the posts with how they resolved the issue, so I really appreciate the response!

Unfortunately, I am having difficulty getting a hold of the full server logs, so I don't have the same level of information Zeni has. However, based on what I am seeing in Analytics, out situations sound very similar.

n0tSEO




msg:4691100
 6:42 pm on Jul 27, 2014 (gmt 0)

AndM488, does your analytics system report a pattern in the IPs, browser usage and/or bot name? Any pattern can be useful to blacklist these attacks (because they look like bot attacks to me).

Donadoni




msg:4691416
 9:08 am on Jul 29, 2014 (gmt 0)

Just to second AndM488 + Zeni I have been having the EXACT same problem as well on multiple domains since July 8th + including the lull in direct traffic on the weekend between the 18th - 20th, followed by an even bigger resurgence of the spam traffic. Trying to look through server logs to see if there are any more clues on this.

Interesting that all the traffic comes from various american IP's even on sites that aren't in English.

AndM488




msg:4691462
 2:44 pm on Jul 29, 2014 (gmt 0)

It seems that these spam visits were widespread enough that it got picked up by some of the SEO news sites. Based off of user comments, the common thread among the affected sites seems to be that each of the sites use AdRoll for remarketing. In case anyone would like to read through the comments, here is a link to the SEO Round Table article: [seroundtable.com...]

Donadoni




msg:4691575
 6:14 am on Jul 30, 2014 (gmt 0)

Yes I bumped into the thread a a few moments after my reply.

Note the comment from Adroll accepting responsibility for the attack. Did you have adroll platform pixel on the site that was affected?

Kendo




msg:4691584
 9:14 am on Jul 30, 2014 (gmt 0)

Do you use a CMS on your site like WordPress? I have seen forum spam software using proxys to use an array of different IP addresses, so that may be a clue?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved