Bot attack?

I’ve had almost 300 sessions today and 220 yesterday all from China and have never had this happen before. This is very odd as I do not sell in China. Our checkout does not allow checkout outside of the US. I reached out to Shopify support and they said nothing to worry about and everything is secure. They recommended installing Blockify, which I did and set it to block China but I maxed out the free plan in less than a day. Is this a “bot attack” and how long does it generally last? Do I really have nothing to worry about, like Shopify support advised?

Hi, yes this likely typical scraping activity from bots. For the most part, its unavoidable. A blocking app will cut down some of the traffic but there are ways around it. It’s not a direct threat, and your best defence is just making sure your store is secured in all areas.

If you’re interested in a free trial, check out our app (https://www.securecommerce.io/). We provide all-in-one security for merchants

Qualify what is their to actually worry about.
Your not paying extra hosting fees for more traffic
Your not paying more in advertising and if you are that is an off platform issue
If they are not placing orders this should not even occupy your time if your not making serious money already this is so low on the priority list.
etc etc etc

Unless you pay for an expensive WAF solution, bots are pretty unavoidable. Just make sure they’re not getting through checkout and you should be fine.

Hi @HTX-Fluid-Power

Yes, that traffic spike is almost certainly the result of bots—common lately from crawler networks based in China. They generally boost session counts without causing any damage to your store. It usually subsides in a couple of days. You can just ignore it, but if it’s still going let it traffic by country with Cloudflare rules, or just block it with a firewall app automatically filtering non US visits.

It’s not helping since the bots can go through the shopify domain. You can’t set up anything with shopify domain unless they’d like to do something for you. Unfortunately, normally they won’t do anything. My store has been under massive bots (more than 20,000 bots) for more than 3 months. They always only say some friendly words but won’t do anything. Im considering to move out of Shopify. They are doing nothing for the security.

that’s very true. Im experiencing this for more than 3 months. They don’t care…

Oh I know it sucks, but have you been on the other platforms? They are much worse for security… It’s not a Shopify platform issue, it’s an internet issue. Only 49% of all internet traffic came from humans last year, and 37% were malicious bots. It’s everywhere, in everything. APIs are inherently vulnerable to bots and data scraping, attacks on which account for 44% of all advanced bot traffic. They’rein the financial market mostly. But for ecommerce, Black Friday traffic is a frenzy of bots, with an annual average of 35% being data scraping bots.

I know everyone want to sync their products to tiktok, but little do they know that their web crawler, ByteSpider, makes up 54% of all blocked bot traffic for some bot blockers.

Hey,

This sounds like a bot attack on your store. They can last anywhere from a few hours to several days.

Shopify support is correct that your store’s security is likely not at risk, as these bots typically aim to inflate traffic or test for vulnerabilities rather than compromise data directly.

To manage this, you can:

• Cloudflare: Provides robust DDoS protection and traffic filtering.
• Shop Protector: Blocks suspicious traffic and bots based on various criteria.
• Bot Blocker: Identifies and blocks malicious bots and unwanted traffic.

Best,
Daniel Smith