How Much Web Traffic Is Bot Traffic?

Recently, I noticed when there is an issue over at "one of the forum support sites" about "traffic spikes" and I post the well known and undisputed fact that, for most "well established" web sites, bot traffic accounts for over 50% of all traffic in the log files; my posts on that site get promptly deleted.

I have been puzzled as to why anyone at a certain "support site about forums" would delete posts which clearly state accurate and undisputed technical fasts, common knowledge by Internet system engineering and cybersecurity experts. Puzzled, from a technical perspective, I checked out the billing model for "that forum hosting business." Experience over the years have shown all of us that when it comes to matters of money (and affairs of the heart), people will do strange and irrational things.

Why do my posts about bot traffic dominating cyberspace get repeated deleted?

Before I post an image of the business model I am referring to, let's get to some actual statistics; numbers which jive with what I have seen over the last two decades "hands on platforms and logs".

First, let's look at a 2013 online article by Igal Zeifman, Report: Bot traffic is up to 61.5% of all website traffic. In that article, the bottom line is this eye-catching pie chart below, clearly showing that "non human" Internet traffic was over 60%, way back in 2013.

Then, a few years ago, a 2017 article by Adrienne Lafrance (just pulled at random from a Google search), The Internet Is Mostly Bots, More than half of web traffic comes from automated programs—many of them malicious, Lafrance says:

Most website visitors aren’t humans, but are instead bots—or, programs built to do automated tasks. They are the worker bees of the internet, and also the henchmen. Some bots help refresh your Facebook feed or figure out how to rank Google search results; other bots impersonate humans and carry out devastating [DDoS attacks.]

We could enter into a loop and keep searching and posting references, but the results would drive the same conclusion regardless of the number of hours we would spend searching for references - more than half of all traffic on the Internet is generate by bots. It's a fact.

As someone who has been "hands on in the log files of web servers" for two decades, this comes as no surprise to me; or anyone else who actually reviews the log files of their servers on the Internet. The web has been dominated by bots as far back as I can remember. All cybersecurity and data center professionals recognize this undisputed fact. I have written a lot of code over the years to "not show display ads" to bots. It's just part of doing business on the net.

So, why do my innocent, information and knowledge sharing posts on this topic from time to time, end up deleted by the management over at "that hosting company", and others I will not name?

Maybe this picture explains it? Does it have anything to do with the fact that many business model are based on page-views per month?

model_pricing949×412 98.6 KB

I actually thought (mistakenly) that the "page views per month" model had fallen by the wayside years ago; but maybe that is because most people I know will not pay for this kind of "per page view" pricing scheme unless the company has a very robust bot detection and classification system (and most do not) and they were only billing based on actually human traffic.

Web-based publishers and advertisers are well aware of this "bot fact of life" as well. Most all Internet advertising companies and publishers market their business as "having sophisticated algorithms to filter out bot traffic" and this way of marketing has been standard for some time. In fact, a few years ago I was on the phone with the CFO of one of the largest tech-related ad networks in the US, and he told me this key fact was at the heart of their customer's concerns and drive their entire business model.

I am surprised anyone would "vanish" my posts on this topic when discussing user-agent filtering, traffic spike, rouge bots, and how to detect and block bots. It's a well known fact, not something open to dispute or even controversy, except it seems, for sites who's revenue model is driven by page views.

My suggestion, as an expert in this field long before these "hosting sites" were in business, is that these businesses must invest in software and hardware ,so they can do what everyone else in this business has been doing for many years, and classify and track all traffic and assure the page-views their customer pay for are all human traffic, in a transparent way; or at least provide them very detailed statistics of the breakdown.

Now long ago, on one of the support sites I am referring to, one of their novice hosting customers were excited to see a huge spike in traffic and asked about the spike. They were in heaven seeing this spike; until I explained to them it was a bot. Then, I was not welcome in the discussion! Imagine being the "wet blanket" on the party, explaining to a novice sys admin that their big traffic spike is NOT a huge surge is new human readers. There is no wonder why I'm not popular at these sites :). The truth is not what people want to hear.

In my constant child-like innocence, I thought I was being helpful to explain to the novice system admin that these spikes in traffic are very common and happen randomly on the net. We never know when a rouge bot will hit a site; but what we do know is that most random traffic spikes are caused by bots. This is just a fact of life in cyberspace. However, after posting "just the facts, ma'am" my post quickly vanished from cyberspace, forever.

How much web traffic is bot traffic?

The answer is that it varies.

Some days bot traffic can be less than half, other (rare) days it might be 80% to 90% of the traffic totals. Most bots these days do not "identify themselves" as bots and so simple logging and filtering on the identifying UA (user agent) strings is not a viable detection strategy.

What is a viable detection strategy for bots?

Stay tunes and I'll discuss that in a future article.

You said it!!

I was raised as a child where "honestly and truth" was the #1 human virtue.

This has served me very well over the years as a professional engineer, for the most part, and my integrity has never been questioned and I have been trusted with some of the highest security clearances in the past (which I am not supposed to say the exact "level", but it required a full psychological eval by a team of doctors to be granted the clearance). At one time in my career, I had full, unescorted access privileges into the heart (control center) of a major nuclear power plant (for example).

However, having such a core "built-in" personal "honestly and integrity" character built into my brain has had a negative consequences socially speaking, especially when working in groups of people who do not have such integrity built into their core way of thinking.

I would never work for any company who charges users "per page view" for web hosting and then deletes the posts of a bone-fide expert in cybersecurity who has pointed out to them (technically, not based on any revenue models), that large percentage of web traffic is generated by bots.

Frankly speaking, I'm totally baffled why any company would (seemingly) delete my posts on this topic, which are 100% accurate, only because it (seemingly) could call into question how they charge their customers.

The ethical thing to do would be to hire an outside expert to audit web hosting traffic and provide the breakdown of the actually percent of bot traffic, based on the behavior of the traffic (not on user agent strings) and provide this number to paying customers.

Instead, at least two of my posts related to this topic have been deleted, seemingly only because it indirectly (could potentially) effects their revenue model.

I have never been one to value money over truth, honor and integrity. This is not how my brain is wired since childhood. Unfortunately, at least in my view, this does not seem to be how some people and businesses operate.

I've just read this posted on LinkedIn by member Shay Rowbottom.
Bang on topic and highly relevent........................

A fake society?

As a culture, we are taught that appearance is what matters most.

Speaking your truths and standing up for what is right is usually frowned upon and often shamed.

As a result, we live in a society that forces people to do away with their authenticity and perpetuates a world of fakeness.

Standing up for the truth is not always easy.

As George Orwell famously said, “The further a society drifts from truth the more it will hate those who speak it?”

Often times, it will lead to being rejected, bullied, and fired.

But the way I see it, if you don’t have haters, you are probably not speaking the truth!

That reminds me of a career story.....

After I graduated in electrical engineering, I went to work for the Johns Hopkins Applied Physic Laboratory.

During my first summer months there, I worked in the lasers and electro-optics lab (and one of the space vehicle labs), which was a very cool place to work (the laser and electro-optics lab), by-the-way, and I was lucky enough do a lot of optical design work. This included designing a lot of fixtures to hold the optics and lasers to the light table and other metal parts machines from various alloys. I also worked in a group that designed parts for spacecraft (in collaboration with the Jet Propulsion Lab at CalTech) and we were required to machine special parts for spacecraft as well.

For most engineers, when they needed a metal part they have designed and machined to be anodized and plated, they would drop their part and the work order off at a window outside of the shop that did the plating and anodizing work for the engineers. However, I've generally always been curious about every step of all of my design projects so I ventured back into the plating shop on day.

There, in the "the dark dungeon" of the plating shop I found the technician who did all the electroplating and anodizing, and I was struck how "green" and "sickly" his face appeared. The shop, behind the scenes, looked like a sci-fi health hazard, and so I reported the issue to my supervisors at the "principal scientist" levels, wrote a brief report which I submitted to the "record book", and made numerous inquires about it.

Not long after I started poking my nose and "fact-finding personality" around the lab's plating shop and making noise about the working conditions there, I was fired.

Oh, how far I had fallen! From the top of my engineering class, highly recruited by most of the top companies who recruited on campus; selected by the applied physics lab at JHU to be the "future of the lab", to "out the door" for asking too many questions about the plating lab (and a few other "truth-telling" situations).

A number of years later, I read a news report where a government regulatory agency in the US had inspected the lab and ordered that exact plating shop shut down (or something to that effect); calling that lab a "biohazard" (paraphrasing, as it was a long time ago and I'm relying on very old memories). Actually, it has been so long ago, I don't recall the exact details; and I only remember the entire store in general terms. But I will never forget the "sickly face" and "green hands" of the guy who ran the electroplating shop back then.

Of course, I thought to myself when I read what happened, if they had of listened to me "way back when", when I first reported the hazard I had found when I ventured back into the "electroplating dungeon" of the lab, they could have cleaned it up and avoided such a high-profile problem.

This was a great lesson learned in my life as a recent electrical engineering graduate.

Very few people want to know the truth; and telling the truth can cost you your dream job.

However, unfazed, I have remained a "truth teller" all my professional life; because without honor and integrity, regardless of our wealth, fame or power, we have nothing; and I have been very fortunately to have worked with many organizations of very high ethical standards, especially the United States Air Force.

That's one of many stories from my past. Hope you have enjoyed it!

Yes, you obviously touched a nerve there!!! The issue was that the operation of the plating shop was top secret and the only guy who knew how to do it with the "sickly face" and "green hands" was a captured alien from another planet.

Yeah, they probably transferred the plating shop guy from Area 51 to the lab !

Alien Electroplating, Inc.