1

I have a website on MS Azure and for the past two months, I've been getting mass amount of requests from Russia spamming my site and logs with non-sense and pro-Trump garbage. Based on what I read, I'm not the only site with this issue. Google Analytics shows almost half of the requests to my site are spam on a daily bases from the same source.

I really don't have access to the IIS access logs to see what IPs the spam is coming from. Plus, if they change IPs, then back I'm from where I started. So I decided to block Russia Federation until I can sort this out. I used an online site to generate the configuration necessary to block all request from Russia. Russia is a big country. It has 11 time-zones and a whole a lot of ips to block. In fact, the config file got so large that Azure choked (500 errors).

One other option is to check the country where the request is coming from dynamically and reject the request. This means that I have to verify every request from a third-party service. That may slow thing down for the legit users.

The question is, what option do I have to stop the flood? This costing me money in terms of bandwidth and performance.

Language section of Google Anaytics

RoraΖ
  • 12,317
  • 4
  • 51
  • 83
Zuzlx
  • 235
  • 2
  • 8

2 Answers2

2

There are a few things you can do that might help.

Add keyword blacklist to your site. If you get Trump and casino spam, drop any post containing the word Trump or casino.

Add a rel="nofollow" to any links provided by a user, including links in comments and links to user "home pages". Search engines are supposed to ignore any link so tagged, making them less valuable to the spammer.

Add a "probationary" period where new users can't post until a moderator has approved their post. Banhammer any account who tries to post spam.

Add a CAPTCHA. Spammers don't seem to waste much time on sites that make spamming hard. Not all CAPTCHs have to be hard-to-decode pictures; some can be simple questions, like "Check this box if you are not a spammer" or "What is the sum of three plus four?"

Don't worry about the extra call to services just yet. You need to get rid of the spammers first if you want people to stick around.

John Deters
  • 33,650
  • 3
  • 57
  • 110
  • Thanks John. But these aren't typical spammers for better SEO or try to steal CC information. They are trying to spam GA so the owners read them. We, the site owners, are the target. The way they stay on top of the list is by sending massive requests. – Zuzlx Dec 19 '16 at 06:21
  • @drewbenn I attached the picture. But they are on top of my list on most sections of my GA due to the large number of requests. – Zuzlx Dec 19 '16 at 06:34
2

Google analytics traffic goes from the client browser to google's servers. this traffic does not touch your server.

change your google anaylitics api key so that offenders using your old key will no-longer register as results.

think carefully before deploying the new key. and take it down if you see new abuse.

Jasen
  • 834
  • 5
  • 8
  • Thanks Jasen. So they don't need to load the page? UA number is enough for them to do it locally in the browser without sending a request to the server? Just trying to understand this... – Zuzlx Dec 19 '16 at 08:24
  • the spammers are probably not using actual browsers, but instead botnets running software that pretends to be a browser, but some of the ftaffic couldbe coming from dodgy browser plugins and toolbars etc... – Jasen Dec 19 '16 at 08:36