A store owner is experiencing recurring bot attacks every 3-4 days, generating approximately 6,000 fake visits during early morning hours (3-4 AM EST). The bots originate from Ashburn, VA data centers, only hit the homepage, and immediately bounce without creating accounts or interacting further.
Primary concerns:
Polluted analytics data
Potential negative impacts on SEO, site speed, and ad retargeting budgets
Uncertainty about bot purpose and why attacks started recently after 7-8 years in business
Suggested solutions:
Enable CAPTCHA (already confirmed as active)
Implement one-time password customer accounts
Block specific countries/IPs
Use analytics apps like TrueProfit for cleaner reporting
Consider Cloudflare for domain-level bot management
Key insight: Bots may be scraping homepage content for price comparison sites, competitor tracking, or affiliate marketing purposes. While they don’t significantly impact speed or SEO, they can waste advertising budgets if triggering retargeting pixels.
Status: Discussion remains open, though one participant claims to have successfully blocked similar attacks after 5 hours of work (method not yet shared).
Summarized with AI on October 24.
AI used: claude-sonnet-4-5-20250929.
Lately I’ve noticed a lot of bot traffic hitting my store every 3-4 days. The visits are usually very short around 3-4 a.m. EST, and bounce right away. Everytime it happens, it adds about 6k extra visits in report.
Has anyone else dealt with this before?
Is there a way to block these bots?
Besides polluting my analytics, could this cause any negative effects on my store (SEO, speed, ads(retarget), etc.)?
I’d really appreciate any advice or tools you’ve found useful for handling this.
There are lot of bots signups and many of the store get bot orders. Basically, there are 3 ways to block the bots.
1.) Enable new One Time password pased Customer account.
2.) Enable captcha to the store.
3.) Block some specific countries.
Also, there is no major impact on Speed and SEO but it depends upon ads like If these bots are triggering ads (like Google Ads or Facebook), they can eat up your budget without any actual sales or conversions. That’s particularly problematic for retargeting ads, where you’re aiming to show ads to visitors who were actually interested in your products.
Thanks for your suggestions! These bots all appear to come from IPs in Ashburn, VA, so it seems they’re originating from data centers.
From what I can see, they’re only landing on my homepage and aren’t visiting other pages, creating customer accounts, or leaving comments.
I’m not sure what the purpose of these bots is, and if they’re not benefiting anyone, why are they happening?
I’ve been in this business for 7,8 years, it’s odd that these bots only started showing up recently. I do notice there’re some direct competitors who just started this year though
Even though they’re only hitting your homepage, these bots might be scraping your content (like product details, pricing, and promotions) for price comparison sites, affiliate marketing, or to track competitors. The homepage is often a good entry point for bots because it’s typically where key information like your site’s navigation, promotions, and meta tags are listed.
Also, captch is helpful to restrict the bot signups.
I’ve also checked some other posts and found a few common ways people are doing:
Using a Shopify app to restrict bots. I’ve seen people say these apps help block bots by redirecting them or denying access, but the shopify analytics report still gets messed up. Do you have any apps you’d recommend?
Using Cloudflare to manage the domain and block bots. I’m not sure if anyone has experience with this approach. However, this feature appears similar to Shopify’s built-in bot blocking, so it likely won’t work for the type of bots in my case.
