Unusually high traffic since early October

[SupaGruen]

I don't know who else to ask, so here goes:

My installation of Yourls (1.9.2) shows click stats that seem to be inflated by a lot. This started in early October, but I don't think it's real traffic. It only affects urls used in newly published posts, so it's not random.

Here's an example:

---

I checked the agent strings (borrowed from the "don't log bots" plugin) and the top agent by far is:

Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Mobile Safari/537.36

---

The Yourls installation was never indexed by Google, but I still disallowed it in the robots.txt file just now.

The user agent above mentions Mobile Safari, but I'm not sure if that's real or just someone else using it. Could this be related to the recent release of iOS 18 (September 16th, 2024)?

If you have any ideas, I'd be grateful for any input.

[dgw]

Could this be related to the recent release of iOS 18 (September 16th, 2024)?

Unlikely; the top UA string you pulled from your analysis appears to be a generic Android Chrome user agent. It's probably spoofed. (You can send quite literally anything you want in a user-agent HTTP header when pinging a server; there's no mechanism to validate it.)

It only affects urls used in newly published posts, so it's not random.

The Yourls installation was never indexed by Google, but I still disallowed it in the robots.txt file just now.

Are the posts indexed? Possible also that a rogue crawler picked up on your site and doesn't respect any robots.txt rules or noindex directives you already have.

I'm a little stumped here as to the problem here, other than a vague feeling that the hits might be artificial. Most people would be thrilled with an uptick in traffic visiting the web content they publish, unless it turns out to be a DDoS attack. 😁

[SupaGruen]

Unlikely; the top UA string you pulled from your analysis appears to be a generic Android Chrome user agent. It's probably spoofed. (You can send quite literally anything you want in a user-agent HTTP header when pinging a server; there's no mechanism to validate it.)

Just a guess on my part, but yes, that makes more sense.

Are the posts indexed? Possible also that a rogue crawler picked up on your site and doesn't respect any robots.txt rules or noindex directives you already have.

Yes, they were all indexed - Google is quite fast with this site (8-10 hours). The thought of a misconfigured crawler did cross my mind. At least that would mean it's hopefully not malicious. I have seen a few webscrapers and even amateurishly behaving East Asian browsers (missing url parts in requests) in my traffic over the last few years.

I'm a little stumped here as to the problem here, other than a vague feeling that the hits might be artificial. Most people would be thrilled with an uptick in traffic visiting the web content they publish, unless it turns out to be a DDoS attack. 😁

In the past I used to have Yourls connected to Google Analytics to keep an eye on the outbound traffic, but with GA4 it got too complicated and I switched to the built-in stats. But with this spoofed traffic, that control is gone. Hopefully a DDoS attack isn't the problem as the site also uses Cloudflare.

I guess I will have to wait a bit longer and hope this weird problem goes away soon. Thank you very much for your time and answer!