What are bots and how do you stop them from skewing your reporting? Read on. I’m going to help you understand.

What is a Bot?

A bot, short for robot, is a software application that has the primary mission of completing automated tasks online. These tasks are typically repetitive in nature and are performed with more efficiency and speed than is possible by a human.

Good vs. Harmful Bots

Bots are used for beneficial purposes such as indexing internet sources and search engines. However, their uses have also gone over to the dark side. Harmful bots are designed for malicious purposes, such as spreading malware, collecting email addresses, committing click fraud, and artificially inflating website traffic. Let’s take a look at the different types of bad bots you need to be aware of.

Spambots

Spambots are bots used to collect or “harvest” as many email addresses as possible so that they can be targeted for unsolicited commercial email (UCE). This is why more sophisticated Internet users tend to not link their email addresses the natural HTML way, but encrypt it in JavaScript, an image or text clues like johndoe at gmail dot com. Some bots even fill out forms and thwart CAPTCHA protections.

Other bots spam without even collecting email addresses. They attack the servers directly by going to hundreds of thousands of websites each day and sending HTTP requests with a fake referrer header. They design and distribute these fake headers in order to avoid being discovered as bots. The phony header typically displays the website that the spammer wishes to endorse, and which they want to get clicks or even links from in the case that server logs have been made public.

Smart Spambots

Some spambots are designed to send artificial traffic without even visiting a website. This happens when the bots produce HTTP requests from a Google Analytics tracking code. Your website ID is used as well. Not only can smart spambots send fake traffic to a website, but they can also send fake referrers. Since the referrer website often looks like a legitimate one, you may think that the referring website is real, though it’s not. The GM Block Bots plugin filters out these types of bots with a 403 Forbidden message and prevents them from showing up in your Google Analytics.

Botnet

Botnet stands for a robot network, and it is a network of computers. The botnet is in communication with each other in order to perform tasks. It can be located locally, or it can be spread out across the globe. When a spambot accesses botnet, it can gain access to the whole network of IP-addresses and launch attacks including DDoS, Adware, Spyware, E-mail spam, click fraud, fast flux, and scareware. This further confuses website owners as fraudulent traffic can be coming from a wide range of IP addresses.

How to Detect Spam Sources

Start by going to your Referrals report located in your Google Analytics account and sort the report by the bounce rate in descending order. Then, locate any referrers with a 100% or 0% bounce rate, and who also have 10 or more sessions. If you suspect that a website is a spam referrer, try googling information about it. Once you have confirmed these bad bots, you may want to block them from visiting your website. Of course, you could always just ignore them.

How to Protect a Website from Spambots

If you are finding spambots in your Google Analytics frequently, you can block them with .htaccess. While it is the most effective method, any small .htaccess mistake can bring your site down, so do so with caution.

You can also hide spambots directly in Google Analytics, as is explained in this link. While it does hide traffic, without spending endless hours setting up filters, junk traffic is still logged.

Don’t lose hope. Spambots can be thwarted. While dealing with spambots can be frustrating, it’s important to stay on top of the threat. Doing so will give you a clearer view of how your website is performing.