Solved

how to identify and block bot traffic?

  • 13 January 2023
  • 9 replies
  • 718 views

Userlevel 2
Badge +1

Hi Amplitude community,

we are currently experiencing high volume of traffic from suspicious IPs. Those IPs change regulary. My concerns are:
 

  1. does Amplitude identify bot spam/traffic? how?
  2. is it possible to block bot spam/traffic automatically by Amplitude? how?

 

Looking forward for your support, thanks in advance

icon

Best answer by Saish Redkar 14 January 2023, 01:42

View original

9 replies

Userlevel 7
Badge +10

Hey  @Tatiana 

There was a recent discussion on a similar topic

 

As per this post , Amplitude only identifies and blocks Google’s web crawler.
So the fallback options would be to send data via HTTP API and controlling the IP there and/or implementing a block filter ( if the number of IPs are handful ).

Alternatively, if these events are getting attributed to a single bot user ID you can have this ID blocked on the Amplitude backend via Support. I had to choose this option since we didn’t capture the IP address on events to leverage the block filter.

 

Hope this helps.
 

Userlevel 3
Badge +5

Hi @Tatiana, adding to what Saish mentioned. If you have the exact user agent of the bot, you can send it to our Support team and we would be happy to help block it on our backend.

Hope this helps, and please feel free to let us know if you have any further questions.

Best,

Thao

Userlevel 2
Badge +1

thank you for your support @Saish Redkar and @Thao Nguyen

apparently in Google Analytics, spam traffic is caused by external people that take the tracking code (GA property ID) from the website code, and then directly send spam traffic to it. 

  1. do you have an idea what causes this spam traffic being sent to Amplitude?
  2. could you share how can I identify the user agent of the bot? (we currently have multiple spam traffic IPs and these change regularly)
Userlevel 3
Badge +5

Hi @Tatiana, sorry for the late reply! I am not sure about the first question. Allow me to check with my team and I will get back you shortly!

To identify the user agent, you will need to do some logging to find it. For web apps, the user agent is available in JavaScript with navigator.userAgent. The user agent is also commonly seen in HTTP headers as the “User-Agent” header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent 

Userlevel 3
Badge +5

Hi @Tatiana I discussed this with my team and our hypothesis is that the spammers have created a bot that performs the event you are tracking. For example, if you are tracking a “click” event and there is spam traffic for this event, it means the bot is clicking on this event.

Hope this helps. Let me know if you have any further questions.

Best,

Thao

Userlevel 2
Badge +1

@Thao Nguyen  thank you very much for your support, it is very helpful

 

best,

Tatiana

Userlevel 3
Badge +5

You are so welcome, @Tatiana ! Please feel free to write in to us at any time!

Userlevel 1
Badge +1

I understand this as a dev but wish there was a way Amplitude proactively filtered out bot traffic so it doesn’t junk up the data we work so hard to keep clean.

Userlevel 5
Badge +8

@mkoiva thanks for this note. I’ve submitted this feedback to the product team!

Reply