Back to Blog
Guide·9 min read

How to Detect & Block Bot Traffic With BATracker

Bots never buy. Yet they crawl, scrape, and hammer your links all day — inflating your click counts and quietly draining your EPC and ROI. This guide shows how BATracker automatically detects bots and gives you transparent filter rules to block junk traffic before it ever touches your offer or your visit quota.

1. Why Bot Traffic Destroys Your EPC and ROI

Every performance marketer's core metrics — EPC (earnings per click), conversion rate, and ROI — are ratios. Bots poison the denominator. A bot loads your link, gets counted as a visit or a click, and then does what bots always do: nothing. No purchase, no lead, no revenue. The more bot traffic slips through, the lower your EPC looks and the worse your campaign appears — even when your real human traffic is performing perfectly.

The math is brutal:

1,000 clean human clicks → 20 conversions → $600 → EPC = $0.60

1,000 human + 500 bot clicks → 20 conversions → $600 → EPC = $0.40

Same real revenue, but the 500 bot clicks dropped your reported EPC by a third. On paid traffic it is even worse — if you paid for those bot clicks, that spend is pure loss. Filtering bots is not a nice-to-have; it is how you keep your numbers honest so your optimization decisions are based on real buyers. BATracker is built to strip that junk out before it counts.

2. Automatic Bot Detection (BOT_STATUS)

On every incoming click, BATracker automatically inspects the visitor's user agent against an extensive, continually curated pattern set. If the user agent matches a known non-human signature — or is empty entirely — the click is marked as a bot and surfaced as the BOT_STATUS signal you can filter on. There is no configuration required for the detection itself; it runs on every click out of the box.

Crawlers, scrapers & headless

bot, crawler, spider, scraper, headless, phantom, selenium, puppeteer, playwright

CLI & scripting tools

curl, wget, python-requests, axios, node-fetch, go-http-client, java, okhttp

Search engines

googlebot, bingbot, yandexbot, baiduspider, duckduckbot

Social & preview bots

facebookexternalhit, twitterbot, linkedinbot, whatsapp, telegrambot, applebot

SEO crawlers

ahrefsbot, semrushbot, mj12bot, dotbot, petalbot, bytespider

AI crawlers & empty UA

gptbot, claudebot — plus any request with a completely empty user agent, which is treated as a bot.

This is deliberately transparent. BATracker does not hide behind an opaque numeric "fraud score" that silently decides your fate. You get a clear, deterministic BOT_STATUS boolean, and you choose what to do with it — block it, redirect it, or flag it for review.

3. Datacenter, Proxy & Connection Signals

User-agent detection catches the honest bots. The sneaky ones spoof a real browser string. That is where BATracker's network-level signals come in.

DATACENTER

BATracker identifies visitors coming from hosting and cloud provider ISPs — AWS, Google Cloud, Azure, DigitalOcean, Linode, Vultr, OVH, Hetzner, Oracle, Alibaba, Cloudflare, Fastly, and many more — and flags their connection type as datacenter. Real customers browse from home broadband, mobile carriers, and offices. They almost never browse from inside a datacenter. A datacenter IP hitting your affiliate link is one of the strongest fraud tells there is.

PROXY & CONNECTION_TYPE

BATracker also exposes a PROXY flag for proxy/VPN detection and a CONNECTION_TYPE signal describing how the visitor is connecting. Fraudsters lean heavily on proxies and VPNs to fake geos and dodge frequency limits, so being able to block or flag proxy traffic closes another major hole — while still letting you make exceptions where legitimate VPN use is expected.

Because these are exposed as first-class filter signals, you are never guessing. You can pair them with your geo and device rules for surgical control over exactly who reaches your offer.

4. Repeat-Click Detection & Conversion Dedup

Some junk traffic looks human per-click but reveals itself in aggregate — the same IP clicking your link over and over. BATracker's CLICKS_PER_IP signal tracks click frequency per IP so you can catch repeat clickers with a simple threshold rule, such as CLICKS_PER_IP greater_than 5.

On the conversion side, BATracker automatically applies duplicate detection. Its per-(click, event type) dedup means a single click can legitimately record different event types — for example an AddToCart and a Purchase — while a repeat of the same event type on the same click is flagged as is_duplicate. Combined with transaction-ID dedup on inbound postbacks, this keeps padded or accidentally re-fired conversions from inflating your revenue and CR.

5. Signals & How to Filter On Them

Every anti-bot signal is a filter dimension. Here is how the core protection signals map to filter rules you can build in BATracker:

SignalWhat It CatchesExample Rule
BOT_STATUSKnown bots, crawlers, scrapers, headless browsers, CLI tools, empty UABLOCK where BOT_STATUS is_true
DATACENTERTraffic from AWS, GCP, Azure, OVH, Hetzner and other hosting ISPsBLOCK where DATACENTER is_true
PROXYProxy / VPN connections used to fake geosBLOCK where PROXY is_true
CONNECTION_TYPEThe class of connection (e.g. hosting vs residential)FLAG where CONNECTION_TYPE equals ...
CLICKS_PER_IPRepeat clicking from a single IPREDIRECT where CLICKS_PER_IP greater_than 5
USER_AGENTCustom UA substrings not in the default listBLOCK where USER_AGENT contains ...
IPSpecific bad IPs or CIDR rangesBLOCK where IP in_range 1.2.3.0/24

Boolean signals use is_true / is_false. Frequency signals like CLICKS_PER_IP use numeric operators (greater_than, between, and more). And these anti-bot dimensions sit alongside BATracker's full filter toolbox — COUNTRY, DEVICE, OS, BROWSER, ISP, REFERRER, sub IDs (TRACKING_FIELD_1..20), WEEKDAY, TIME_OF_DAY, and IP CIDR ranges — so a single filter template can enforce both fraud protection and targeting at once.

6. Build Your Anti-Bot Filter Template

The smart move is to bundle your anti-bot rules into a reusable filter template and attach it to every campaign — so new campaigns inherit the same protection automatically. Filter templates are shared rule sets with an ACTIVE / PAUSED / ARCHIVED status. Inline per-campaign filters take precedence when you need a one-off exception. Rules evaluate top-down, and the first matching rule wins; if nothing matches, the click is allowed.

A solid starter anti-bot template

  1. BLOCK where BOT_STATUS is_true — kills all known bots and empty-UA requests.
  2. BLOCK where DATACENTER is_true — drops cloud/hosting traffic that no real buyer generates.
  3. BLOCK where PROXY is_true — removes proxy/VPN traffic faking its location.
  4. REDIRECT where CLICKS_PER_IP greater_than 5 — send repeat clickers to a fallback URL instead of your paid offer.
  5. (Optional) ALLOW a trusted whitelist first, or FLAG borderline traffic for manual review instead of blocking outright.

Order matters: put explicit ALLOW whitelist rules at the top if you have known-good sources, then your BLOCK rules, since the first match wins. Prefer REDIRECT over BLOCK when you want to salvage the click by sending it to a safe fallback (BATracker issues a 302 to your fallback URL and logs it as filtered). Use FLAG when you want to keep the traffic but review it later. This is the difference between BATracker's approach and a black-box scorer: you set the policy, you see the outcome, and you can tune it anytime.

7. What Happens to a Blocked Click

When a BLOCK rule matches, three things happen — and the third is the one that protects your wallet:

Returns 404

The bot gets a dead end. It never reaches your lander or offer, so it can't skew your conversion funnel.

Logged as filtered

You still see it in your logs, so you keep full visibility into how much junk you're stopping and why.

No quota consumed

A blocked click does not count against your plan's visit quota — bots can't burn through your limits.

That last point is a genuine competitive advantage. On many trackers, junk traffic still eats into your billable events. With BATracker, the bots you block are simply gone from your quota math — you pay for real visitors, and your reports stay clean. REDIRECT traffic is likewise logged as filtered, so whichever action you choose, the outcome is fully auditable.

The payoff: with bots, datacenters, proxies, and repeat-clickers filtered out before they count, the visits, clicks, and conversions in your reports represent real humans. Your EPC, CR, and ROI become trustworthy — and trustworthy numbers are the foundation of every good scaling decision.

8. Frequently Asked Questions

How does BATracker detect bot traffic?
BATracker automatically inspects the user agent of every click against an extensive set of patterns. It flags crawlers, scrapers, and headless browsers (bot, crawler, spider, scraper, headless, phantom, selenium, puppeteer, playwright), CLI tools (curl, wget, python-requests, axios, node-fetch, go-http-client, java, okhttp), search engines (googlebot, bingbot, yandexbot, baiduspider, duckduckbot), social and preview bots (facebookexternalhit, twitterbot, linkedinbot, whatsapp, telegrambot, applebot), SEO crawlers (ahrefsbot, semrushbot, mj12bot, dotbot, petalbot, bytespider), and AI crawlers (gptbot, claudebot). An empty user agent is also treated as a bot. The result is exposed as the BOT_STATUS signal, which you can filter on.
Can BATracker block traffic from datacenters and VPNs?
Yes. BATracker flags visitors from hosting and cloud ISPs (AWS, Google Cloud, Azure, DigitalOcean, Linode, Vultr, OVH, Hetzner, Oracle, Alibaba, Cloudflare, Fastly, and more) with the connection type "datacenter" — real users almost never browse from a datacenter. It also exposes a PROXY flag for proxy/VPN detection and a CONNECTION_TYPE signal. You create filter rules to BLOCK where DATACENTER is true or BLOCK where PROXY is true, and that junk traffic never reaches your offer.
Does BATracker use an automatic fraud score that blocks traffic on its own?
No. BATracker does not rely on a mysterious black-box numeric fraud score that silently blocks clicks. Instead it gives you transparent, deterministic signals — BOT_STATUS, DATACENTER, PROXY, CONNECTION_TYPE, CLICKS_PER_IP, and more — and you decide how to act on them with explicit filter rules. You stay in control: you can BLOCK, REDIRECT, FLAG for review, or explicitly ALLOW, and you always know exactly why a click was filtered.
What happens to a blocked bot click?
When a filter rule with the BLOCK action matches, BATracker returns a 404 and logs the click as filtered. Critically, a blocked click does NOT consume your plan’s visit quota — so bots and scrapers cannot burn through your plan limits. You still see the filtered traffic in your logs for transparency, but you are not paying for it, and it never touches your offer or your conversion data.
Why does blocking bots improve my EPC and ROI?
Bots never convert. Every bot or datacenter click that reaches your offer inflates your visit and click counts while contributing zero revenue, which drags down EPC (earnings per click) and ROI. Worse, on paid traffic you may be paying for those clicks. By filtering bots, datacenters, proxies, and repeat-clicking IPs before they count, BATracker keeps your denominator clean: your EPC, conversion rate, and ROI reflect real human buyers, so your optimization decisions are based on accurate numbers.

Stop Paying for Bots. Start Tracking Real Buyers.

BATracker detects bots automatically and lets you block datacenters, proxies, and repeat-clickers with transparent filter rules — so your visit quota, EPC, and ROI reflect real humans only.

Start Your Free Trial