Dumb SEO Questions

(Entry was posted by Jim MacDiarmid on this post in the Dumb SEO Questions community on Facebook, Thursday, March 22, 2018).

I`ve been getting a lot of bots and spammers

Thank you for approving my join request. I was looking at Google Analytics last night and noticed there a shady site linking to my client`s site. I`ve been getting a lot of bots, spammers and someone attempting to login to the admin area, so I suspect that shady site may be where they are coming from. I read an article last night which mentioned that one option was to disavow the site but neglected to say how to to do that. The article also suggested to try to contact the site owners or to abandon the domain. Can someone tell me where I can find the disavow tool? Are there any other ways to handle this? Thank you
This question begins at 00:48:47 into the clip. Did this video clip play correctly? Watch this question on YouTube commencing at 00:48:47
Video would not load
I see YouTube error message
I see static
Video clip did not start at this question


Selected answers from the Dumb SEO Questions G+ community.

  • Steve Gerencser: Let me guess, WordPress site? If so, the bad neighborhood links are far less important than the attempted security breaches. I would deal with those first. Doc Sheldon wrote a great two-part series on securing WordPress a while back. You can Disavow the links, that will appease the GoogleGod, but people and bots will still follow the link if that is what is sending them to your website to do bad things. You could block all traffic from that site by using an HTACCESS trick But that is what I would consider a relatively advanced tactic and done wrong could block you from your website. Also, an article that suggests that you abandon a domain name for something so minor is either FAR out of date and shady in itself. https://searchnewscentral.com/blog/2017/09/15/wordpress-site-security-guide-part-1/ http://www.htaccess-guide.com/deny-visitors-by-referrer/
  • Michael Martinez: Normally rogue bots that try to log into admin panels don`t come from Websites. They come from servers or hacked PCs. A hacked Website is more likely to try to send a ping or trackback request.
  • Travis Bailey: Are you talking about traffic from the Referrals report in Google Analytics? That may not be actual traffic. There`s a lot of affiliate spammers that send false traffic data, so you visit the `referring` site. This hasn`t been as big of an issue, as it was over the last couple years. I keep an unused GA account to see if fake/spam traffic is starting to edge up again. It doesn`t appear to be that bad, now. But fake/spam traffic in GA has always been a thing. Though if you`re terribly worried about it, do what others have mentioned with the disavow tool in Search Console. You just submit a glorified text file with a little formatting to GSC. That should handle it. Per the login attempts, that`s just always going to happen. Especially if you`re using a popular CMS (particularly WordPress). It`s pretty easy to set up a large-ish scripted attack. So I wouldn`t be too worried about a few one-off login attempts. But if you`re using something like WordPress, I recommend iThemes Security plugin. It helps you harden WP. Just go by the numbers. iThemes has a handy little feature that allows you to rename the wp-admin slug. That way, a scripted attack is far less likely to even find the login page. Yes, it`s security through obscurity, but this little detail helps a lot. The plugin also logs various things like logins and file changes, which will be handy if you ever have to worry about PCI compliance. (unlikely, if you`re not doing ecommerce... but still nice to have.

View original question in the Dumb SEO Questions community on Facebook, Thursday, March 22, 2018).

Reference Links