Today, I've had a massive 'bot visit' now for 1 hour - with several of hundreds hits to /bot-traffic.icu - which of course does not exist.
They seem to come from a source with the same name (bot-traffic.icu).
I know others have had the same issue with the same bot and also with trafficbot.live.
I've been in touch with Shopify Support, but as usual there is not really much understanding there.
Is there anyway I can block these bots? I know I can exclude them (or try to...) in Google Analytics, and I know I can try to prevent them from going throug checkout - but I just want to completely blok access to my shop.
I really do dot want yet another app running to do this, but as I cannot control it server side myself - do you have any ideas on how to handle this?
You're absolutely correct in that there's no server side way to block bots or visitors based on their website of origin.
However Blockade does offer that functionality on the client side. We do a reverse DNS lookup on each IP address and run it by your blocked websites list.
If the IP address is associated with a blocked website, they will be redirected away from your store.
This is a premium feature in the app, but it's just $5 per month.
We've been hit hard by bots too. It's really unfortunate Shopify won't offer better protection from this attack unless you go Shopify Plus, which is only viable for larger businesses. Hopefully someone at Shopify will have pity in the small business....fingers crossed.
Normally you would add the IP to your Robots.txt but I;m not sure how to do that in Shopify.
There is the added problem that bots now can be set to ignore Robots.txt anyway
I'm no authority on bots, but them hitting you checkout page could have serious connotations for security.
I'm surprised Shopify is not helping more on this, have you googled the IP to see if they are not just bots from the card merchants checking you out ?
I haven't googled the IP but Shopify shows IP's and one we checked was 2000 miles away lol. Yeah the inventory gets immediately pulled out of stock and added to cart and then ordered. It happened in under 2 minutes today and we had to manually cancel a bunch of sales and take the product offline. Shopify should offer protection for this but they don't unless you use Shopify Plus and that is not affordable at our level. There's a third party app but they charge .5% of your total revenue each month LMAO. So yeah, this is a problem that no one wants to fix I guess.
Found This :
Seems you can block it in Google Analytics
Hope this helps ?
Yeah that might be for those ppl that get the Bot comments and auto-fills on forms. Ours has to do with product grabbing and making actual orders. Thanks though for chatting. Appreciate it!
Any update? Did you find any solution? Are you still receiving bots visits? It's strange that to me the visits doesn't appear in Google Analytics.
I've had the same problem with my inventory, and wondered what was going on? My marketing company figured out a couple of months ago that I had a "bot" problem, and they have been working overtime to help me. This has been a nightmare, as my sales have dropped drastically. I reached out to Shopify today, and they suggested I install an app called CleanTalk, which is free. So unbelievable that they don't offer better protection! It's killing small businesses like mine!
If we go out of business Shopify looses as well!
Copy of post from related thread:
Same sort of issues here. Hundreds to thousands of fake customers being created and "abandoning their carts". We get a couple batches every day. I've tried support multiple times and they admit this is a known issue that shopify developers are working on. Then they suggested anti-fraud 3rd party apps, but when i've tried those and talked to those app developers, the common issue is that they only work with Shopify Plus stores because they need access to the checkouts.liquid file in order to inject protection. Without access to this liquid file, it also appears that manually implementing a honeypot is not an option.
After a couple rounds with this, it was suggested that I try IP or country blocking apps, however, when I asked how I could determine the offending IPs or even countries, shopify support told me that data was not available to us for customers, but only if they successfully completed an order. Strike two.
These fake customers and cart abandons are causing havoc in our analytics and because we integrate with hubspot I am having to manually purge batches of contacts and deals from there to avoid those analytics being ruined.
Looking around in this community hub, there are related conversations going back at least 2 years. Seems like this issue needs some additional prioritization attention!
In addition to checkout.liquid, the new Checkout Extensibility API's for Shopify Functions (which would have been another way to block bots from starting checkouts), is currently restricted to Shopify Plus as well.
Make the shift from discounts to donations, and witness your business not only thrive fina...By Holly Dec 4, 2023
On our Shopify Expert Marketplace, you can find many trusted third party developers and fr...By Arno Nov 27, 2023