Do my Brazil heavy website stats indicate something nefarious?
July 24, 2014 3:41 PM   Subscribe

My itty-bitty portfolio website traffic is almost all new visitors from Brazil. I don't have anything on my portfolio that would appeal to Brazilians. What is going on? Should I be worried?

Normally, I only get hits when I am giving the address out on job applications. Now I am getting at least one hit every day, mostly from Brazil. All use Chrome for Windows as a browser, no mobile hits. Different internet providers, no repeat visitors. My portfolio is a one page deal, so, I really have no idea if they are looking around. I've just noticed this trend getting more pronounced for several months now and I am stumped.
posted by Foam Pants to Computers & Internet (18 answers total) 6 users marked this as a favorite
Have you done a google search on what links to your site to see if there's somewhere specific where someone has linked to you?
posted by jacquilynne at 3:49 PM on July 24, 2014

Could someone in Brazil be hotlinking to some of your content?

Back when I was posting custom content on Sims website a lot someone stole some of my work and I suddenly got like 3000 visitors to my site in one hour from some random area in Russia and it was freaky as hell until I figured out what was wrong.
posted by Hermione Granger at 3:53 PM on July 24, 2014 [1 favorite]

Response by poster: The only thing someone could be linking to is an image. I tried to do a search for those images and came up with nothing. Maybe I wasn't doing it right.
posted by Foam Pants at 3:56 PM on July 24, 2014

Do you have access to the server access logs, specifically for referer data?
posted by holgate at 3:58 PM on July 24, 2014

What are you using to check your web traffic? If it's Google Analytics, you should be able to see what page people are looking at. You could also add a free invisible Stat Counter tracker to your site, when shows you how people arrive and which pages they look at. I noticed my website getting hits even after I blocked it from Google search. Turned out, Bing had indexed it and I needed to remove my website from that search engine.
posted by AppleTurnover at 4:03 PM on July 24, 2014

Response by poster: Google Analytics. I have one page and one page only with several image thumbs that, when clicked on, display the full sized image in a Jquery slideshow. So, yeah, there is one page and some images.
posted by Foam Pants at 4:11 PM on July 24, 2014

Response by poster: Do you have access to the server access logs, specifically for referer data?

I do now. I'm looking at my cpanel. I have raw logs, Webalizer stats, and Awstats. So far, I don't see anything weird. UGH!
posted by Foam Pants at 4:31 PM on July 24, 2014

Someone could be accidentally using your Google Analytics code. I had a portfolio site where someone in Germany copy and pasted a bit of the HTML into their own design and they had included my Analytics code with it, so their foreign traffic was showing up in my Analytics but not in my web logs.
posted by bradbane at 5:01 PM on July 24, 2014

Best answer: Do you see in your referrer logs? I saw a lot of referals from them recenyl (usually about once a day or every other day). They appear to be a somewhat fishy SEO type service, that doesn't identify itself as a crawler (perhaps to get you to click on their site to see who the referrer is) with most of the traffic coming from Brazilian servers. I ended up just blocking them after searching around and found many people recommending doing the same.
posted by TwoWordReview at 5:34 PM on July 24, 2014 [2 favorites]

My guess would be referrer spam in service of bogus SEO.

On my server it mostly comes from Russia and Ukraine, and I get a lot of it.
posted by Chocolate Pickle at 6:42 PM on July 24, 2014

By the way, if it makes you feel better, a couple of years ago Google made a major change in how it calculates site relevance. (Metafilter was collateral damage.) One consequence of the change is that blog comment spam and referrer spam now reduce a site's score rather than improve it. (Also link farms.)

But a lot of web site operators overseas haven't gotten the message and still hire "SEO experts" to use the dodgy old approaches.
posted by Chocolate Pickle at 6:51 PM on July 24, 2014

Response by poster: Semalt? YES! I think you have hit the nail on the head. If you don't mind, how did you block them?
posted by Foam Pants at 6:55 PM on July 24, 2014

You would need to determine the IP (or range of IP's) that they're using and block them in your firewall. (If you don't have control over your firewall, you're kind of SOL.)

The Russians and Ukrainians who have been doing this to me are using botnets, so it isn't possible to stop them at all. (Except by entirely blocking those nations, which I have considered.)
posted by Chocolate Pickle at 7:10 PM on July 24, 2014

You should be able to do this through the IP deny function in cpanel. I found users in Wordpress forums who had the appropriate code to block. If you google 'block semalt wordpress env=spammer' I'm sure it'll pop up.
posted by TwoWordReview at 9:13 PM on July 24, 2014

Best answer: This looks like the code I used!

You can edit your .htaccess file manually through file manager also
posted by TwoWordReview at 9:16 PM on July 24, 2014 [1 favorite]

I also used .htacess code to block my Russian and Ukraine spammers. I don't recall off the top of my head if it's the exact same code, but I just googled for the code with the urls that I wanted to block. Easy-peasy!
posted by Room 641-A at 9:25 PM on July 24, 2014

I just want to say thanks to the OP for asking the question and to TwoWordReview for the code to block semalt. I was in the same boat (as of 5 minutes ago) and didn't even know it.
posted by MansRiot at 8:54 AM on July 25, 2014

Response by poster: Thanks, everybody, for your spot-on answers, especially TwoWordReview. You both solved the mystery and the underlying problem.
posted by Foam Pants at 9:29 PM on July 28, 2014

« Older Food me?   |   How hot is Seattle real estate right now? Newer »
This thread is closed to new comments.