Mysterious Bot Traffic Floods the Web

Summary
– A Colombian website owner experienced a sudden, massive surge in traffic from China and Singapore, which he initially mistook for genuine popularity.
– The traffic was identified as bot activity, characterized by visits from a single Chinese city (Lanzhou) with zero-second page engagement and no real user interaction.
– This bot attack is widespread, affecting diverse global websites from personal blogs to US government domains, significantly skewing their analytics.
– The bots come from IP addresses in China and Singapore; their purpose is unclear, but they are suspected to be tied to companies harvesting web data for AI training.
– Analysis suggests the traffic is routed through major Chinese cloud providers like Tencent, with Lanzhou likely being an inferred location rather than the bots’ true source.

For a brief period last October, Alejandro Quintero believed his niche website had achieved unexpected international fame. Based in Bogotá, Quintero runs a site focused on paranormal topics, publishing content in a mix of Spanish and English. The site suddenly began receiving a massive and sustained volume of visits from China and Singapore, traffic so significant it now represents over half of his total visits in the past year. Initially thrilled, Quintero’s excitement turned to confusion upon analyzing the data. Google Analytics showed all Chinese visitors were from a single city, Lanzhou, with an average page stay of zero seconds and no interaction. He realized his site was not popular in Asia; it was under attack by bots.
Quintero is not alone. Since September, website operators across the globe have reported a similar mysterious influx. Victims include an Indian lifestyle magazine, a Canadian island blog, personal portfolio sites, a major weather platform with millions of pages, Shopify ecommerce stores, and even U.S. government domains. The bot traffic is easily identifiable because it drastically distorts normal analytics patterns. Data from Analytics.usa.gov reveals that in the last 90 days, 14.7% of visits to U.S. government websites supposedly came from Lanzhou, with 6.6% from Singapore, making them the top two sources of interest in American government information, a statistically improbable scenario.
While the IP addresses trace back to China and Singapore, the entity orchestrating this automated campaign remains unknown. Most affected site owners agree the bots currently pose no direct security threat. Given the surge in AI-related web scraping last year, a prevailing theory is that this traffic is likely tied to companies harvesting public web data to train artificial intelligence models.
The geographic origin story adds another layer of mystery. Lanzhou is a second-tier city in northwest China, known for manufacturing and its Silk Road history, not as a technology or data center hub. This discrepancy led experts to question if the city is the true source. Gavin King, founder of the automated traffic analysis firm Known Agents, has also seen this bot traffic target his site. His investigation confirmed all traffic was ultimately routed through Singapore. The attribution to Lanzhou by Google Analytics, he suggests, may be an approximation rather than a precise location.
The most tangible clue lies in the network pathways. King found the bot traffic to his website traveled through an Autonomous System Number (ASN) assigned to Tencent, a major Chinese technology and cloud provider. Another web manager, who runs a large weather forecasting site group and asked to be identified only as Andy, detected bots coming from ASNs linked to Tencent, Alibaba, and Huawei. All three are leading cloud service companies in China. It remains unclear whether the bots originate from these companies internally or from clients utilizing their server infrastructure, leaving the ultimate purpose and controller of this mysterious web flood still shrouded in uncertainty.
(Source: Wired)
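
The signature the article describes (one source taking a large share of visits with zero-second engagement and no interaction, visible by city or by ASN owner) can be checked against an analytics export. This is an added example, not from the article; the field names, thresholds and sample sessions are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample sessions (not real data). Field names are assumptions
# modelled on a generic analytics export: city, ASN owner, engaged seconds, events.
def _rows(n, city, asn_org, engaged_s, events):
    return [{"city": city, "asn_org": asn_org, "engaged_s": engaged_s, "events": events}
            for _ in range(n)]

SESSIONS = (
    _rows(6, "Lanzhou", "Tencent", 0, 0)      # large share, zero engagement
    + _rows(3, "Singapore", "Alibaba", 0, 0)  # same signature
    + _rows(4, "Bogotá", "ISP-A", 48, 3)      # ordinary readers
    + _rows(2, "Madrid", "ISP-B", 95, 5)
    + _rows(1, "Toronto", "ISP-C", 0, 0)      # a single bounce, not a flood
)

def flag_bot_sources(sessions, key="city", min_share=0.10,
                     max_avg_engaged_s=1.0, max_interacting=0.05):
    """Return stats for sources with a large traffic share but almost no engagement.

    Thresholds are illustrative assumptions; tune them against a site's baseline.
    """
    groups = defaultdict(list)
    for s in sessions:
        groups[s[key]].append(s)
    total = len(sessions)
    flagged = {}
    for source, rows in groups.items():
        share = len(rows) / total
        avg_engaged = sum(r["engaged_s"] for r in rows) / len(rows)
        interacting = sum(1 for r in rows if r["events"] > 0) / len(rows)
        # All three conditions must hold: volume alone or one bounce alone is normal.
        if (share >= min_share and avg_engaged <= max_avg_engaged_s
                and interacting <= max_interacting):
            flagged[source] = {"sessions": len(rows), "share": share,
                               "avg_engaged_s": avg_engaged}
    return flagged

def without_flagged(sessions, flagged, key="city"):
    """Drop sessions from flagged sources so reports reflect human visitors."""
    return [s for s in sessions if s[key] not in flagged]

if __name__ == "__main__":
    by_city = flag_bot_sources(SESSIONS)
    for name, stats in by_city.items():
        print(f"{name}: {stats['sessions']} sessions, {stats['share']:.1%} of traffic")
    print("by ASN owner:", sorted(flag_bot_sources(SESSIONS, key="asn_org")))
    print("sessions kept:", len(without_flagged(SESSIONS, by_city)))
```

Grouping by ASN owner rather than city is the more dependable view here, since the article notes that the Lanzhou attribution may be an approximation.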





