Announcement

Collapse
No announcement yet.

Botnet attack falsifies SEO analytics and uses bandwidth

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Botnet attack falsifies SEO analytics and uses bandwidth

    The SEMalt (or semalt) botnet may be attacking your website eating bandwidth and producing false visits with a 100% bounce rate.

    According to articles posted on the web, it appears the goals are to distort your bounce rate, sell useless SEO services, and maybe, install malware. Some also warn against visiting the website. We suspect the plethora of emails for SEO services, slipping through the spam filters, may be partly related to this.

    The evidence is found in the Acquisitions - Referral Report in Google Analytics. Search for "semalt" in the reports advanced search to see all the variations of its domains and sub-domains that have been used to attack your site. Select country as a Second Dimension, found under Users, to see the global nature of this; truly, this is a devious botnet.

    We have been hit a number of times, since January 2014, from computers located in almost 40 countries usually spread among several cities. This means they have infected a wide range of computers. Each attacks varies in the number hits. It eats into the bandwidth.

    Most importantly, each one of these phony visits counts as a new visitor. This attack distorts the bounce rate and the visitor count by reporting both higher than the true numbers. Accurate analytics information is the foundation of an effective ecommerce marketing strategy.

    Potentially, it could lead to Google demoting your website, or at least some of your pages, in the search results because the appear to be of low quality. Hopefully, Google is wise to this.

    You can set up a filter, in Google Analytics, to prevent "semalt" visits from appearing in the Google Analytics reports. However, the filter will only prevent future visits from showing. According to postings on the web by others dealing with this, the most effective solution requires blocking in your website's .htaccess file.

    It would be helpful if a 3dCart could comment, and even better, implement a solution.
    Last edited by Luxlife; 08-17-2014, 12:26 PM.
    Luxlife

  • #2
    yes, the only way is blocking the referrer semalt at the server level. They have a trillion ip addresses so blocking an ip is fruitless.

    Can 3dcart do something?

    Comment


    • #3
      Before submitting a ticket, we would like to know if other merchants have been hit by this botnet. Is your website affected by this?
      Luxlife

      Comment


      • #4
        I have but haven't seen them lately but I have several IPs blocked for them. I'm sure I'll see them again.
        Last edited by susansgreenmarketplace; 08-18-2014, 04:16 PM.
        Susan's Green Marketplace
        Natural, Organic and Eco-Friendly Products
        http://www.susansgreenmarketplace.com

        Comment


        • #5
          We are getting these also.

          BP

          Comment


          • #6
            There is a new setting, found in Google Analytics Settings - Admin, to remove known bots and spiders from the reports. It will be interesting to see how Google handles this; whether or not it is retroactive and how long will it take for a bot to be recognized. There are many more questions. We have turned this on and expect it will lead to lower numbers in a number of key reports. This does not stop the bots from connecting to your website, but it will help make the Google Analytics reports more accurate. The bots and spiders will still show in Smarter Stats. The solution to these attacks lies on blocking in the .htaccess.
            Last edited by Luxlife; 08-29-2014, 04:20 PM.
            Luxlife

            Comment


            • #7
              We have seen this increase too. Saudi Arabia and Egypt just in the last month as an active user from 2% to now 20.5%. Sometimes in one day from same 47 sessions. We are installing Smarter Stats. Hoping this program will help solve problem as they are eating bandwidth.
              Last edited by Fran; 08-29-2014, 11:22 AM.

              Comment


              • #8
                3dCart recommends Cloudfare. Any thoughts?
                Luxlife

                Comment


                • #9
                  We have been using Cloudflare.com since February and we are happy with it. It is easy to block whole countries. They also automatically block known problem ips.

                  It also speeds up the site, and cuts on band width.

                  One issue is that Smarterstats 8.5, the current installed version on 3dcart, will show all visitor ips as these from Cloudflare.

                  According to Smarterstats version 9 solves the problem, but not sure.

                  Comment


                  • #10
                    This is a bit of pickle. We need to conduct our own investigations of website visitors and traffic; accurate IP address information is essential.

                    The 3dCart ROI tracking is almost useless. At least for us, most of the reports do not work. They either time out or fail to generate results.

                    Is 3dCart planning to upgrade to the latest SmarterStats? There are a number of new and interesting features.

                    Is Google Analytics affected by Cloudfare? For example, is demographic information, age and sex, available?
                    Luxlife

                    Comment


                    • #11
                      Are we able to use .htaccess with 3dcart? If so, we can block semalt that way.

                      Comment


                      • #12
                        No. 3dCart is run on Microsoft IIS servers which do not have .htaccess files. However, there should still be a way to block on servers using this technology. We are looking into this.
                        Luxlife

                        Comment


                        • #13
                          Did anything ever come of this? There's several referral spammers I'd like to block.

                          Comment


                          • #14
                            It's been suggested to me by a Google rep to contact their spam department. We've been having "bounces" off our website that go to porn sites. After I figure out how to convert to responsive templates, I'll call the number and share the info. (P.S., We found this out while monitoring our live chat traffic.)
                            Last edited by Davef; 03-23-2015, 10:18 PM.

                            Comment


                            • #15
                              IIS can do the same thing using ISAPI rewrites that unix base servers can do with the htaccess file.

                              These stupid bots are messing up Analytic data and using bandwidth. Does anyone know if 3dcart will modify ISAPI rules for your site?

                              Comment

                              Working...
                              X