As with most web analytics services, we will track any session to your website where your page has been requested with our tracking snippet included. Occasionally, a few of our partners have experienced bot attacks on their websites which can result in significant inflation of your site's concurrents in our Real-time Dashboard. To be clear, these attacks are in no way related to our service apart from the unavoidable consequence of our tracking code detecting these bot sessions on your site and registering them as active visitors.
Unfortunately, if your site is targeted by one of these bad actor bot networks, there's not much that our own team can do to prevent the traffic data from being counted in your Chartbeat tracking tools as these bot networks tend to target sites from unique devices and randomized IP addresses.
Should your own website fall victim, we suggest that your internal analytics team work alongside your security & web-ops team to isolate and investigate the bot pageviews in your historical data across analytics platforms (Chartbeat, Google, Adobe, etc), looking for trends in data points such as user agent, browser version, device type, and IP address. With this information, your web-ops team may be able to determine conclusively the source of the traffic and block these sessions from reaching your site going forward, or to prevent your analytics code snippets from being loaded when the bot devices access your page.
What does bot traffic look like in my Real-time dashboard?
There are a few common patterns that indicate bot traffic may be hitting your website:
- A spike in Direct traffic to your landing pages with very low engaged time
- Spikes in Social traffic ("Email, apps, and IMs") to your article pages, also with low engaged time
- Traffic from geo-locations that you don't often see in your dashboard
- High traffic to multiple irrelevant archival stories (not published recently) in your Top Pages list