AdRoll Retargeting Bot Attack Behind the IE7 Traffic Surges

Earlier this month, many people began noticing a huge surge in direct traffic on many websites, but primarily coming from an IE7 browser and from within the US.  This direct traffic was well outside of the ordinary but it was also skewing analytics data for many webmasters.  Barry Schwartz was the first to publicize the surge, although it had also been discussed on a variety of forums as well.  It started about July 7, 2014, had a brief lull between the 18th and 20th before it started up again in full force.

It turns out that an AdRoll retargeting bot by spammers was behind the huge increase of direct traffic from IE7 on pages that were using AdRoll.  One person commented on SERoundtable that they had narrowed the issue down to 3 sites – downloadyeah.com (no longer active), Diybest.com (site with content stolen from another site) and adnxs.com (behind a login).

Phillip Barnes explained how the attack worked.

I can confirm this is an AdRoll (retargeting) bot attack. The bots go to the homepage of a website with AdRoll tags to get then get retargeted with ads. The bot then visits their fake website to generate fraudulent ad clicks on AdRoll ads.

Many people posted screenshots showing how the traffic was hitting their sites, and it was pretty close to being identical across the board.  And it was a huge increase in very visible bot traffic for it to go undetected as long as it did with AdRoll.

It seemed that initially AdRoll was reluctant to refund due to the bot attack when contacted by advertisers, although the rep did ban the sites in question.  However, judging from recent comments, they appear to be offering asisstance for those affected.  However, the issue was happening for several weeks before people narrowed it down to AdRoll.

AdRoll commented last night on the SERoundtable post about the issue.

This issue was identified as impacting various ad tech companies and we’re working actively toward a resolution. The sites generating the invalid traffic have been permanently blacklisted and we’ve enhanced our algorithms to better detect these types of attacks in the future. Based on our initial research, the issue was isolated to a small number of our advertisers. We are now in process of working with those advertisers who were impacted. If you have questions, please contact delight@adroll.com.

An AdRoll product manager also shared:

They have not made any public comment on the site yet, nor shared anything via social media.

If you are affected, definitely read the comments at SERoundtable “Webmasters Claiming Direct Traffic Surges With IE 7 Browsers”

There is also a workaround in order to remove this traffic from Google Analytics with a custom filter.

I have reached out to AdRoll for more information and will update.

Update: Turns out that AdRoll wasn’t the only network affected.  Plus AdRoll is issuing refunds to advertisers.  “More Networks Affected by AdRoll Retargeting Bot & Advertisers Getting Refunds“

The following two tabs change content below.

• Bio
• Latest Posts

Jennifer Slegg

Founder & Editor at The SEM Post

Jennifer Slegg is a longtime speaker and expert in search engine marketing, working in the industry for almost 20 years. When she isn't sitting at her desk writing and working, she can be found grabbing a latte at her local Starbucks or planning her next trip to Disneyland. She regularly speaks at Pubcon, SMX, State of Search, Brighton SEO and more, and has been presenting at conferences for over a decade.

Latest posts by Jennifer Slegg (see all)

• Google Updates Quality Rater Guidelines Targeting E-A-T, Page Quality & Interstitials - May 17, 2019
• Google Local Service Ads Display Pricing Estimates for Specific Locations - August 31, 2018
• Google Testing “Relevant History” Section in Mobile Search Results - August 31, 2018
• Google Converts PDFs, DOCs, XLS etc into HTML for Indexing - August 30, 2018
• Why Google Shows Featured Snippets With Images from Another Site - August 29, 2018