How to Detect & Block Bot Traffic With BATracker
Bots never buy. Yet they crawl, scrape, and hammer your links all day — inflating your click counts and quietly draining your EPC and ROI. This guide shows how BATracker automatically detects bots and gives you transparent filter rules to block junk traffic before it ever touches your offer or your visit quota.
1. Why Bot Traffic Destroys Your EPC and ROI
Every performance marketer's core metrics — EPC (earnings per click), conversion rate, and ROI — are ratios. Bots poison the denominator. A bot loads your link, gets counted as a visit or a click, and then does what bots always do: nothing. No purchase, no lead, no revenue. The more bot traffic slips through, the lower your EPC looks and the worse your campaign appears — even when your real human traffic is performing perfectly.
The math is brutal:
1,000 clean human clicks → 20 conversions → $600 → EPC = $0.60
1,000 human + 500 bot clicks → 20 conversions → $600 → EPC = $0.40
Same real revenue, but the 500 bot clicks dropped your reported EPC by a third. On paid traffic it is even worse — if you paid for those bot clicks, that spend is pure loss. Filtering bots is not a nice-to-have; it is how you keep your numbers honest so your optimization decisions are based on real buyers. BATracker is built to strip that junk out before it counts.
2. Automatic Bot Detection (BOT_STATUS)
On every incoming click, BATracker automatically inspects the visitor's user agent against an extensive, continually curated pattern set. If the user agent matches a known non-human signature — or is empty entirely — the click is marked as a bot and surfaced as the BOT_STATUS signal you can filter on. There is no configuration required for the detection itself; it runs on every click out of the box.
Crawlers, scrapers & headless
bot, crawler, spider, scraper, headless, phantom, selenium, puppeteer, playwright
CLI & scripting tools
curl, wget, python-requests, axios, node-fetch, go-http-client, java, okhttp
Search engines
googlebot, bingbot, yandexbot, baiduspider, duckduckbot
Social & preview bots
facebookexternalhit, twitterbot, linkedinbot, whatsapp, telegrambot, applebot
SEO crawlers
ahrefsbot, semrushbot, mj12bot, dotbot, petalbot, bytespider
AI crawlers & empty UA
gptbot, claudebot — plus any request with a completely empty user agent, which is treated as a bot.
This is deliberately transparent. BATracker does not hide behind an opaque numeric "fraud score" that silently decides your fate. You get a clear, deterministic BOT_STATUS boolean, and you choose what to do with it — block it, redirect it, or flag it for review.
3. Datacenter, Proxy & Connection Signals
User-agent detection catches the honest bots. The sneaky ones spoof a real browser string. That is where BATracker's network-level signals come in.
DATACENTER
BATracker identifies visitors coming from hosting and cloud provider ISPs — AWS, Google Cloud, Azure, DigitalOcean, Linode, Vultr, OVH, Hetzner, Oracle, Alibaba, Cloudflare, Fastly, and many more — and flags their connection type as datacenter. Real customers browse from home broadband, mobile carriers, and offices. They almost never browse from inside a datacenter. A datacenter IP hitting your affiliate link is one of the strongest fraud tells there is.
PROXY & CONNECTION_TYPE
BATracker also exposes a PROXY flag for proxy/VPN detection and a CONNECTION_TYPE signal describing how the visitor is connecting. Fraudsters lean heavily on proxies and VPNs to fake geos and dodge frequency limits, so being able to block or flag proxy traffic closes another major hole — while still letting you make exceptions where legitimate VPN use is expected.
Because these are exposed as first-class filter signals, you are never guessing. You can pair them with your geo and device rules for surgical control over exactly who reaches your offer.
4. Repeat-Click Detection & Conversion Dedup
Some junk traffic looks human per-click but reveals itself in aggregate — the same IP clicking your link over and over. BATracker's CLICKS_PER_IP signal tracks click frequency per IP so you can catch repeat clickers with a simple threshold rule, such as CLICKS_PER_IP greater_than 5.
On the conversion side, BATracker automatically applies duplicate detection. Its per-(click, event type) dedup means a single click can legitimately record different event types — for example an AddToCart and a Purchase — while a repeat of the same event type on the same click is flagged as is_duplicate. Combined with transaction-ID dedup on inbound postbacks, this keeps padded or accidentally re-fired conversions from inflating your revenue and CR.
5. Signals & How to Filter On Them
Every anti-bot signal is a filter dimension. Here is how the core protection signals map to filter rules you can build in BATracker:
| Signal | What It Catches | Example Rule |
|---|---|---|
| BOT_STATUS | Known bots, crawlers, scrapers, headless browsers, CLI tools, empty UA | BLOCK where BOT_STATUS is_true |
| DATACENTER | Traffic from AWS, GCP, Azure, OVH, Hetzner and other hosting ISPs | BLOCK where DATACENTER is_true |
| PROXY | Proxy / VPN connections used to fake geos | BLOCK where PROXY is_true |
| CONNECTION_TYPE | The class of connection (e.g. hosting vs residential) | FLAG where CONNECTION_TYPE equals ... |
| CLICKS_PER_IP | Repeat clicking from a single IP | REDIRECT where CLICKS_PER_IP greater_than 5 |
| USER_AGENT | Custom UA substrings not in the default list | BLOCK where USER_AGENT contains ... |
| IP | Specific bad IPs or CIDR ranges | BLOCK where IP in_range 1.2.3.0/24 |
Boolean signals use is_true / is_false. Frequency signals like CLICKS_PER_IP use numeric operators (greater_than, between, and more). And these anti-bot dimensions sit alongside BATracker's full filter toolbox — COUNTRY, DEVICE, OS, BROWSER, ISP, REFERRER, sub IDs (TRACKING_FIELD_1..20), WEEKDAY, TIME_OF_DAY, and IP CIDR ranges — so a single filter template can enforce both fraud protection and targeting at once.
6. Build Your Anti-Bot Filter Template
The smart move is to bundle your anti-bot rules into a reusable filter template and attach it to every campaign — so new campaigns inherit the same protection automatically. Filter templates are shared rule sets with an ACTIVE / PAUSED / ARCHIVED status. Inline per-campaign filters take precedence when you need a one-off exception. Rules evaluate top-down, and the first matching rule wins; if nothing matches, the click is allowed.
A solid starter anti-bot template
- BLOCK where BOT_STATUS is_true — kills all known bots and empty-UA requests.
- BLOCK where DATACENTER is_true — drops cloud/hosting traffic that no real buyer generates.
- BLOCK where PROXY is_true — removes proxy/VPN traffic faking its location.
- REDIRECT where CLICKS_PER_IP greater_than 5 — send repeat clickers to a fallback URL instead of your paid offer.
- (Optional) ALLOW a trusted whitelist first, or FLAG borderline traffic for manual review instead of blocking outright.
Order matters: put explicit ALLOW whitelist rules at the top if you have known-good sources, then your BLOCK rules, since the first match wins. Prefer REDIRECT over BLOCK when you want to salvage the click by sending it to a safe fallback (BATracker issues a 302 to your fallback URL and logs it as filtered). Use FLAG when you want to keep the traffic but review it later. This is the difference between BATracker's approach and a black-box scorer: you set the policy, you see the outcome, and you can tune it anytime.
7. What Happens to a Blocked Click
When a BLOCK rule matches, three things happen — and the third is the one that protects your wallet:
Returns 404
The bot gets a dead end. It never reaches your lander or offer, so it can't skew your conversion funnel.
Logged as filtered
You still see it in your logs, so you keep full visibility into how much junk you're stopping and why.
No quota consumed
A blocked click does not count against your plan's visit quota — bots can't burn through your limits.
That last point is a genuine competitive advantage. On many trackers, junk traffic still eats into your billable events. With BATracker, the bots you block are simply gone from your quota math — you pay for real visitors, and your reports stay clean. REDIRECT traffic is likewise logged as filtered, so whichever action you choose, the outcome is fully auditable.
The payoff: with bots, datacenters, proxies, and repeat-clickers filtered out before they count, the visits, clicks, and conversions in your reports represent real humans. Your EPC, CR, and ROI become trustworthy — and trustworthy numbers are the foundation of every good scaling decision.
8. Frequently Asked Questions
How does BATracker detect bot traffic?
Can BATracker block traffic from datacenters and VPNs?
Does BATracker use an automatic fraud score that blocks traffic on its own?
What happens to a blocked bot click?
Why does blocking bots improve my EPC and ROI?
Stop Paying for Bots. Start Tracking Real Buyers.
BATracker detects bots automatically and lets you block datacenters, proxies, and repeat-clickers with transparent filter rules — so your visit quota, EPC, and ROI reflect real humans only.
Start Your Free Trial