Last night when checking my analytics, I saw a massive spike in traffic compared to other days. Here’s a screenshot:
Apparently, some bot is recording a non-existent page on my site “/trafficbot.live”. Now I’m no stranger to bot attacks. I have a number of tools to deal with these. I was surprised however, that my in-built firewall protections didn’t disable them before the count got so high. So I set out to do a bit of digging.
Analysis: The Traffic Doesn’t Really Exist!
I accessed both my raw server logs, as well as the analytics on Cloudflare. To my surprise, both of them showed nothing unusual! No spike in traffic of this magnitude that would explain the huge numbers I was seeing in Google Analytics. Even more surprising, my server registered no “404” pages that I would expect when someone tried to visit a non-existent page on my site. The only 404s I got were from my own IP address when I checked to see if my site was hacked and if such a page actually existed.
So I was utterly perplexed. There was no real traffic my site to a non-existent page called “trafficbot.live”. It was clearly spam. And yet Google Analytics was showing that it existed! And apparently, I wasn’t the only one. Here’s the tweet-out from my account:
A lot of people are seeing mysterious hits to “trafficbot.live” or “bottraffic.live”. Non-existent traffic. So what’s happening?
Manipulating Google Analytics Traffic
Based on the fact that all this traffic is ethereal, my guess is that the website traffic.live is spamming webpages, hoping that people will type the non-existent page into their browser and sign up for their service. A service which just happens to be….fake traffic! Here’s their homepage:
Their entire strategy is to spam thousands of websites with fake traffic to a fake page, so that it generates a lot of buzz. They’re hoping that people will write about it (like this article!), and retweet the problem (like Google’s John Mueller did). So I guess their strategy is working?
Except I hope that Google doesn’t look too kindly on this kind of manipulation and penalizes them heavily. Though it’s clear they wouldn’t mind being kicked off Google’s SERPS since they’re achieving their publicity through Google Analytics instead.
Why Is this Happening?
It’s actually quite a genius move. They’re showing that their product works, without actually harming anyone – except of Google Analytics’ credibility of course!
What Can you Do About it?
Google Analytics will probably find a way to block these guys. But if they don’t, you can create a custom filter in the GA reporting screen to remove visits to this particular page. Here’s a screenshot:
The problem with this, is that they can trivially change the name of the non-existent page to something else – for example, others have traffic going to “bottraffic.live” instead of “trafficbot.live”. And they can keep making new names that evade your filters.
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!
Thanks for this