How to avoid bad bot traffic during Black Friday

Last week, we helped you get your website ready for the Black Friday traffic spikes. Now that you’re all set to handle the upcoming traffic, do you know how much of it is real and how much – non-human? According to Statista, in 2022 more than 40% of Internet traffic is from bots, and a significant portion of that is bad bot traffic. This kind of bot traffic hurts your online business and can lead to both financial and conversion losses. Let’s dig deeper into what bot traffic is, why most of it is so harmful, and how to avoid it during the busiest time of the year.

What is bot traffic and why it should be cut down to a minimum

Bot traffic is any non-human traffic that comes to a website or app. Some of it is good, when it originates from SEO crawlers (such as Google crawl bot), commercial, site-monitoring, or feed bots. Needless to say, all of these cause no harm to your site. On the other hand, bad bots come with malicious intent. These can leave spam comments, irrelevant backlinks, weird advertisements, collect private information, reuse your content, perform DDoS attacks, and other malicious activities.

How bad bot traffic affects your website

Bad bot traffic may have different consequences on your website and business, causing multiple damages:

• Website security and availability damage

Bad bot traffic hurts your website security and availability. For instance, these massive amounts of traffic to your site are a way for hackers to cause a DDoS attack. During such an attack, the traffic is so massive that the server where your site is hosted cannot handle it. This can make your website slow, unreliable or even unavailable for your users. 

Bad bots are also the main force of a brute-force attack – a way to guess your password/login details by trying numerous combinations of letters, numbers and symbols. If such an attack is successful, malicious hackers gain access to your account and/or private information.

• Website speed issues

Even if it doesn’t cause massive hacker attacks, bad bots activity can make your website much slower or even unavailable for your real visitors, affecting their overall user experience. To have your visitors stay longer on your site and turn them into clients, you’d want them to have an excellent user experience. A huge part of that is your website loading speed being as fast as possible.

• Analytics metrics and SEO rankings chaos

Bad bot traffic can also hurt your analytics metrics and SEO rankings. For example, too much bad bot traffic can bring your site down and cause 503 errors (“site is temporarily unavailable”). This directly negatively impacts your SEO rankings. What is more, bad bots can affect your analytics metrics, causing abnormally high pageviews and bounce rates, sudden drop/increase in session durations, and fake conversions. All these factors may confuse you as a site owner and you may not be able to make sense of your analytics data.

How we decrease bad bot traffic at SiteGround

At SiteGround we take multiple measures at different levels to reduce bad bot activity by default for the websites hosted on our servers, so you can have peace of mind.

Improved and advanced AI anti-bot system

Our AI anti-bot system has successfully been blocking millions of brute-force attempts per day. Recently, we improved it even further, resulting in 95% less bad traffic. Its core features are still there – analyzing and recognizing traffic patterns to eventually stop brute-force attempts. With each new brute-force attempt, the system’s knowledge expands and it gets better at preventing future attacks. As of recently, we’ve upgraded the system with a traffic validation feature that stops even more malicious non-human bots by minimizing the number of brute-force attacks. Currently, the system blocks a huge percentage of bad bots traffic towards our servers, allowing more capacity for your websites for legitimate traffic.

Combined with our enterprise-grade security system, these server-level security optimizations block the majority of all bad bot traffic and ensure website protection on a global scale. Let the numbers speak for themselves – 99,99% of bad traffic is blocked before it even reaches your website.

Smart, server-level WAF

Hacker attacks usually increase during the Black Friday season. A single outdated WordPress plugin, theme, or vulnerability can easily be used for massive damages during this busiest time of the year. That’s where our smart Web Application Firewall comes to the rescue. Our security experts closely monitor security bulletins and server activity 24/7, and in case of reported exploits, immediately add custom WAF rules (patches) into our server firewall to protect your site from current hacks and breaches due to outdated plugins, and other vulnerabilities. Our proactive security approach allows us to react much faster, often before the original plugin, theme or app developers have had the chance to release an official update. The most recent example of this was just last month, with two previous major ones not so far behind – a plugin vulnerability patched on day 0, and a Linux Kernel vulnerability patched within hours of detection.

DDoS protection

To address potential DDoS attacks from bad bots, we have a system of hardware and software mechanisms to protect your sites:

• A hardware firewall that filters flooding traffic;
• A local software firewall with more complex functions and traffic monitoring;
• А limit to the number of connections a remote host can establish;
• A check for a high number of failed login attempts from hosts and filtering them, if any.

24/7 server monitoring system

Again, in addition to all monitoring and prevention systems and checks in place, our expert system administrators team are monitoring our servers 24/7 for any system issues and in case of any, can react quickly to save the day.

How to identify that you have bad bot traffic coming to your site

Now, you probably wonder what are some signs and symptoms of bad bot traffic that will help you identify whether your site is in danger. Here are some of the red flags and ways to prevent them:

• Check your site traffic stats

You also need to check your traffic statistics, especially the IP addresses and the sources of traffic. For example, regular and high number of visits from the same IP address or increase in traffic from other regions or countries, from which you didn’t have (much) traffic before, could be an indication of bad bot traffic. As a SiteGround customer, you can easily check your traffic statistics in Site Tools > Statistics > Traffic.

• Keep an eye for unusual users’ behavior

Remember to monitor your users’ behavior regularly. In case there are increased spam comments under your posts, strange user registrations, and/or increased blocked login attempts, these are all red flags that you might be getting bad bot traffic to your site. WordPress users, who have the free SiteGround Security plugin installed, can monitor their site and login page for unauthorized visits and brute-force attempts from their Activity Log menu. What is more, they can easily block suspicious IPs and visitors.

• Make regular speed tests

You probably already do that, but if you don’t, it’s a good idea to start making regular website speed tests. For this purpose, you can use a number of different tools to measure your site speed, such as Google PageSpeed Insights, Pingdom, GTMetrix, and others that generate results in all the major speed metrics. 

In case you have the free SiteGround Optimizer plugin installed on your WordPress website, you can run a speed test within the plugin in its Speed test functionality. The check uses Google PageSpeed, provides information on the level of optimization in over 20 different areas, and gives you optimization suggestions.

If you identify that your site is experiencing page loading speed issues, dig deeper into the problem to find out the causes. These might not necessarily be bad bot traffic issues, but that’s one of the main potential reasons behind the slow speed results.

How to filter bad bot traffic yourself on SiteGround

Some of the traffic that reaches your websites may seem legitimate, even if it’s not. Thankfully, there are a number of ways and free services we offer to let you filter good from bad website traffic all by yourself:

• Use our tools to block an IP or block country traffic

Both options allow you to easily block suspicious or malicious traffic to your website. If you want to block a specific IP address from accessing your site, because, for example, you see it’s using too much bandwidth, you simply go to Site Tools > Security > Block Traffic, choose the domain for which you want to block access, then add the IP address (or a whole range in IP/IP Range), and finally click ‘Block’.

Similarly, if you notice that you get suspicious abnormal activity from a country you don’t usually operate in or have clients from, you can easily block traffic from it in a few clicks. You need to go to Site Tools > Security > Block Traffic > Block Country. There, you choose the domain for which you want to block access, pick the desired country to block in the Country dropdown, and finally click ‘Block’.

These two options will help you not only block bad bot traffic coming to your site, but they can also significantly improve your site performance by reducing the unwanted traffic and giving your site more capacity to handle real human traffic.

Improving your site capacity to handle more requests

In case you’ve identified that your site still gets some bad bot traffic which cannot be easily filtered or removed, you can decrease its negative impact by improving your website speed and performance, which will allow more capacity to handle any type of traffic altogether. Here’s how to do that:

• Take advantage of our powerful caching system

We’ve developed a powerful caching system to help you cache as much content on your website as possible. Cached content is served much faster to visitors and thus improves your site capacity to handle traffic. Our system is comprised of three caching options that are all available in your Site Tools > Speed > Caching: NGINX Direct Delivery for caching static content, such as images and CSS files; Dynamic Caching for dynamic content to be stored in the server RAM, and Memcached for storing data and objects in memory (best for database-driven websites).

• Use our other optimization services

We do a lot to improve website performance and you can make use of our premium solutions. Here are three of the main ones that can speed up your website and make room for more visitors’ requests. 

Our in-house developed SiteGround CDN requires no configuration, it’s easy-to-manage with just a few clicks, and above all, makes your site load blazingly-fast for visitors around the world. Its Basic version comes completely free of charge and provides your site with all the essential features to handle international traffic from various international locations.

Another in-house developed speed tool is the free SiteGround Optimizer plugin for WordPress websites. It provides you with many different optimization options (media, frontend, environment) that can all be enabled in a few clicks.

Last, but not least, our unique ultrafast PHP setup makes your pages load up to 30% faster and allows the server to process your website’s visits quicker.

Wrap-up

While most people are busy selling and buying goods and services during the Black Friday period, bad bots are also more active than ever, “visiting” websites and causing all kinds of potential issues. If not addressed on time and in the proper manner, they can ruin a big chunk of your holiday conversions during that time of the year, when you worked hard to get the highest number of sales.