We got a sudden spike in traffic on our homepage https://tinloof.com for the last month. Based on our Google Analytics data, we’re pretty sure these are not real users. We don’t know whether they are some random bots or somebody is running a script to make loads of requests to our page.
This is not only affecting our analytics data quality but it’s also affecting our bandwidth usage on Netlify since we received an email about it.
Please help us identify what this issue is and what to do to fix it.
Have you looked into filtering bot and spider traffic from Google Analytics, then you can 1) see analytics clearly and 2) Actually see if these are bots. I would imagine google is pretty good at detecting spiders scrapers etc.
@fool Thanks for your reply. Indeed, the traffic reduced during the last period, not sure why.
The only monitoring tool we have is Google Analytics and we don’t have access to the IPs there. What information do you like me to provide you about the source?
Sorry for the delay, @seif - I have been out of the office.
Tis unfortunate but we can’t share IP’s generally speaking due to the GDPR. I guess in this case if you’re sure you didn’t have any monitors, seems like it was an attack, though a pretty useless one.
I looked at the total bandwidth used and it was around 15Gbyte, not enough to cause you to get charged on its own.
In the future you’ll be able to use our edge handlers feature to handle blocking traffic you don’t like yourself:
…but we don’t intend to get too judgmental about which traffic we serve by default:
we aim to serve your site to all visitors since “super bowl ad” traffic is pretty hard to tell apart from “misconfigured scanner” which is impossible to tell apart from “intentionally configured scanner” in many cases.
we do block attacks whose traffic levels impact our system; this traffic was not at that level though (it would have needed to be about 300x as much to probably cause any alarms to go off here).
Sorry I don’t have better news for you today on blocking that traffic, but that’s what our system supports right now.