Last night when checking my analytics, I saw a massive spike in traffic compared to other days. Here’s a screenshot:
Apparently, some bot is recording a non-existent page on my site “/trafficbot.live”. Now I’m no stranger to bot attacks. I have a number of tools to deal with these. I was surprised however, that my in-built firewall protections didn’t disable them before the count got so high. So I set out to do a bit of digging.
Analysis: The Traffic Doesn’t Really Exist!
I accessed both my raw server logs, as well as the analytics on Cloudflare. To my surprise, both of them showed nothing unusual! No spike in traffic of this magnitude that would explain the huge numbers I was seeing in Google Analytics. Even more surprising, my server registered no “404” pages that I would expect when someone tried to visit a non-existent page on my site. The only 404s I got were from my own IP address when I checked to see if my site was hacked and if such a page actually existed.
So I was utterly perplexed. There was no real traffic my site to a non-existent page called “trafficbot.live”. It was clearly spam. And yet Google Analytics was showing that it existed! And apparently, I wasn’t the only one. Here’s the tweet-out from my account:
A lot of people are seeing mysterious hits to “trafficbot.live” or “bottraffic.live”. Non-existent traffic. So what’s happening?
Manipulating Google Analytics Traffic
Based on the fact that all this traffic is ethereal, my guess is that the website traffic.live is spamming webpages, hoping that people will type the non-existent page into their browser and sign up for their service. A service which just happens to be….fake traffic! Here’s their homepage:
Their entire strategy is to spam thousands of websites with fake traffic to a fake page, so that it generates a lot of buzz. They’re hoping that people will write about it (like this article!), and retweet the problem (like Google’s John Mueller did). So I guess their strategy is working?
Except I hope that Google doesn’t look too kindly on this kind of manipulation and penalizes them heavily. Though it’s clear they wouldn’t mind being kicked off Google’s SERPS since they’re achieving their publicity through Google Analytics instead.
Why Is this Happening?
If I had to guess, I would say that the spammers are scraping your Google Analytics ID and using the GA code to execute the JavaScript and create fake traffic. This shouldn’t be resource intensive at all. In fact, it’s orders of magnitude cheaper to do this instead of sending actually traffic to people’s websites. Not to mention that they’re sending this spam to potential customers, and they don’t want to DDoS their sites and piss them off!
It’s actually quite a genius move. They’re showing that their product works, without actually harming anyone – except of Google Analytics’ credibility of course!
What Can you Do About it?
Google Analytics will probably find a way to block these guys. But if they don’t, you can create a custom filter in the GA reporting screen to remove visits to this particular page. Here’s a screenshot:
The problem with this, is that they can trivially change the name of the non-existent page to something else – for example, others have traffic going to “bottraffic.live” instead of “trafficbot.live”. And they can keep making new names that evade your filters.
In fact, there is no way for Google Analytics to distinguish real traffic from this kind of fake traffic. I don’t know how they’re going to solve this problem. And I’m honestly not sure that they can solve it. The way the measurement happens via JavaScript, they can’t stop someone from simulating real traffic. It’ll be interesting to see how Google deals with this issue going forward!
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!
Steve says
Thanks for this