Kristina Vankova10 Proven Ways to Fix Bot Traffic and Restore Clean Data
If your Google Analytics (especially GA4) reports are suddenly flooded with traffic from China and Singapore — despite not targeting those regions — you’re not alone. Over the past year, many site owners have reported sharp spikes in “Direct” or “Unassigned” traffic originating from these countries, often with near-zero engagement.
The good news? In most cases, this is not real user traffic, not a hack, and not an SEO penalty. It’s typically bot or ghost traffic polluting your analytics data.
In this article, we’ll explain what’s happening and give you a practical, step-by-step list of 10 actions you can take to diagnose, filter, and prevent this traffic from ruining your analytics insights.
What’s Causing the Spike in Traffic From China and Singapore?
Most of this traffic falls into one of two categories:
- Ghost traffic – hits sent directly to Google Analytics Measurement Protocol without ever visiting your site
- Bot traffic – automated crawlers or scripts hitting your site with no real human intent
Common characteristics include:
- Sudden spikes with no marketing activity
- Extremely low session duration (often 0 seconds)
- 95–100% bounce rate
- No conversions or meaningful engagement
- “Direct” or “Unassigned” source/medium
This traffic inflates sessions and users but provides zero business value — and worse, it distorts your decision-making.
1. Confirm That the Traffic Is Actually Fake
Before blocking anything, validate your assumption.
Look at these metrics in GA4:
- Average engagement time close to zero
- Engaged sessions near zero
- Event count per session extremely low
- Conversions nonexistent
If traffic from China or Singapore shows drastically worse behavior than other countries, you’re almost certainly dealing with bots.
💡 Tip: Compare the date of the spike with marketing campaigns, PR mentions, or product launches. If nothing matches, it’s another red flag.
2. Cross-Check With Server Logs or Cloudflare Analytics
Google Analytics can be fooled — your server logs cannot.
Check:
- Hosting access logs
- Cloudflare / WAF analytics
- CDN request counts
If GA4 shows tens of thousands of sessions but your server logs don’t show corresponding page requests, you’re dealing with ghost traffic that never touched your site.
3. Use GA4 Explorations to Isolate and Exclude the Traffic
In Explore → Free Form, build an exploration where you:
- Add Country as a dimension
- Add Engagement time, Events per session, and Conversions
- Filter or segment out China and Singapore
This won’t block the traffic, but it allows you to:
- Analyze “clean” data
- Avoid misleading reports
- Show stakeholders what’s really happening
This is often the fastest short-term fix for reporting accuracy.
4. Apply GA4 Data Filters (With Extreme Caution)
GA4 allows data filters that permanently modify incoming data.
Useful filters include:
- Excluding traffic where hostname does not match your real domain
- Excluding known spam parameters or referrers
⚠️ Important:
Always create filters in Testing mode first. Once activated, filters cannot be undone and will permanently alter your data.
5. Enforce Strict Hostname Validation
One of the most effective defenses against ghost traffic is hostname filtering.
Legitimate traffic should only come from:
- yourdomain.com
- www.yourdomain.com
- approved subdomains
Bot traffic often uses:
- fake hostnames
(not set)- random strings
Filtering by valid hostnames ensures GA4 only accepts hits from your real site environment.
6. Block or Challenge Traffic Using a Web Application Firewall (WAF)
If you use Cloudflare, Sucuri, or another WAF, you have powerful tools at your disposal.
Recommended actions:
- Enable Bot Fight Mode
- Use Managed Rules
- Create rules to challenge traffic from high-risk countries
- Apply rate limiting to suspicious request patterns
Instead of outright blocking, consider JS challenges or CAPTCHAs to avoid harming real users.
7. Block Problematic IPs or ASNs at the Network Level
Some bot traffic originates from:
- Cloud providers
- Known proxy networks
- Data centers
If patterns repeat:
- Block specific IP ranges
- Block entire ASNs known for abuse
This approach is more precise than country-wide blocking and safer for international sites.
8. Fire Analytics Tags Only After Human Interaction
Using Google Tag Manager, you can reduce bot hits by:
- Firing GA tags only after scroll, click, or interaction
- Delaying page_view events until basic engagement occurs
Many bots never interact — they just load the page. This dramatically reduces junk data without blocking real users.
9. Set Up Ongoing Monitoring and Alerts
Bot traffic tends to come in waves.
Create a routine to:
- Review traffic by country weekly
- Monitor engagement metrics, not just sessions
- Set alerts for sudden spikes in Direct or Unassigned traffic
Catching the issue early prevents weeks or months of polluted data.
10. Clean Historical Data Using BigQuery (If Available)
If you export GA4 data to BigQuery, you can retroactively clean reports by excluding:
- Specific countries
- Zero-engagement sessions
- Known spam patterns
This is the best option for:
- Advanced analysis
- BI dashboards
- Executive reporting
While GA4 UI data can’t be cleaned retroactively, BigQuery gives you full control.
What This Issue Is Not
To reduce unnecessary panic:
- ❌ It is not a sign your site is hacked
- ❌ It does not directly harm SEO rankings
- ❌ It usually does not impact site performance
The main damage is bad data → bad decisions.
Final Thoughts
Traffic spikes from China and Singapore in Google Analytics are a data quality problem, not a security crisis. By combining:
- Analytics filters
- Server-side defenses
- Smart tag firing
- Ongoing monitoring
you can restore confidence in your data and make decisions based on real user behavior, not bots.
