GA4 bot traffic surge from Lanzhou and Singapore: What’s happening and how to respond

By /
GA4 dashboard showing the bot traffic surge from Lanzhou and Singapore with low-engagement sessions

GA4 bot traffic surge from Lanzhou and Singapore: What’s happening and how to respond

By Agustin Giovagnoli / February 12, 2026

Since mid-October, website owners have flagged an abrupt, unexplained influx of sessions labeled from Lanzhou, China and Singapore—often spiking to extreme levels in GA4 real time—and bearing all the hallmarks of automated traffic. The GA4 bot traffic surge from Lanzhou and Singapore is flooding dashboards with near-zero engagement sessions, disrupting measurement and, for many merchants, undermining paid campaign optimization. The suddenness, location clustering, and behavior patterns point to bots rather than new human audiences [1][2][3].

Why this matters for businesses and marketers

This wave burdens analytics teams with contaminated data: inflated sessions, distorted bounce rates, and misleading conversion metrics. For ecommerce operators, the impact reaches revenue when spoofed visits corrupt downstream systems like Meta Pixel, degrading ad learning and reducing the effectiveness of paid campaigns. Merchants report deteriorated optimization and difficulty making sound budget decisions while the surge persists [1][3].

How to confirm it’s bot traffic: quick diagnostic checklist

Teams are seeing consistent signals that indicate automation rather than real user behavior:

  • Geographic clustering: large shares of real-time sessions attributed to Lanzhou and Singapore, sometimes exceeding thousands of concurrent “users” [1][2].
  • Session quality: extremely short sessions and near‑100% bounce rates with minimal or no engagement [1].
  • Network concentration: spikes often concentrate within a small set of networks or ASNs [1].

If your GA4 shows abrupt surges from these cities with the above traits, you’re likely seeing bots, not a sudden organic audience expansion [1][2].

Mitigations amid the GA4 bot traffic surge from Lanzhou and Singapore

The strongest defenses sit at the edge. Where you control your infrastructure (e.g., your CDN or server), consider layered mitigations:

  • Rate limiting for bot traffic and bursty patterns that don’t resemble human browsing [1].
  • Challenge or block suspicious user agents; monitor for scrapers and generic crawlers [1].
  • Geo or ASN filtering to reduce known clusters (with caution about collateral damage) [1].

Teams commonly use services like Cloudflare to implement these protections; see Cloudflare’s bot controls for implementation details in its developer documentation (external). These steps won’t retroactively clean GA4, but they can cut off much of the influx before it hits your origin [1].

Mitigations for sites with control of their edge (Cloudflare, server-level)

Where possible, pair traffic shaping with analytics hygiene:

  • Deploy Cloudflare bot mitigation and progressive challenges on high‑risk endpoints [1].
  • Add lightweight rules to throttle repeated, rapid-fire hits to HTML and key landing pages [1].
  • Maintain user‑agent blocklists for known scrapers; review and rotate regularly [1].

These measures can reduce the noise feeding your analytics and protect CPU/IO without materially affecting legitimate users. If you operate in sensitive markets, test geo-blocking or rate‑limiting thresholds before broad rollout [1].

Workarounds for merchants on managed platforms (Shopify and similar)

Many small and mid‑sized stores sit behind platform edges where traffic terminates before any third‑party firewall can act. On Shopify, merchants report that they cannot implement IP, country, or ASN blocking pre-delivery, leaving them exposed to ongoing floods that skew analytics and disrupt ad optimization [3]. In the interim:

  • Use analytics filters and segments to exclude suspicious geographies or behaviors in reporting [1][3].
  • Where available, consider server‑side tracking options to compare backend conversions against pixel‑fired events [3].
  • Report incidents to platform support; affected users are calling for built‑in, platform‑level bot detection [3].

These steps won’t stop the traffic at the edge, but they can limit downstream harm while platforms evaluate stronger controls [3].

Cleaning and preserving analytics accuracy in GA4

While origins remain unclear, you can preserve decision quality by isolating the surge in reporting:

  • Create segments that exclude suspicious sessions (e.g., specific cities or extreme low‑engagement patterns) for analysis and trend comparisons [1].
  • Build filtered views for ongoing monitoring so CRO and media teams aren’t optimizing on corrupted baselines [1].
  • Recognize limits: historical data remains tainted; note the measurement caveat in dashboards and experiment logs [1].

Observers hope Google strengthens built‑in spam and bot filtering in GA4, reducing the manual effort required to keep reports trustworthy [1].

Ad performance: diagnosing and stabilizing Meta Pixel learning

Merchants report that fake visits degrade Meta Pixel learning, confusing audience targeting and event optimization [3]. In practice, stabilize by:

  • Temporarily narrowing optimization to higher‑quality conversion events while the surge is filtered in reporting [3].
  • Comparing pixel events to backend orders or server‑side events to detect inflated signals [3].
  • Pausing or adjusting campaigns most sensitive to low‑quality sessions until traffic normalizes [3].

What platforms and analytics providers should do

Platform architecture matters. When traffic ends at a managed edge, merchants need pre‑delivery filtering, not just after‑the‑fact analytics clean‑up. Users are urging Shopify to add robust bot detection at the platform level and calling on Google to improve GA4’s spam and bot filtering so teams can trust their dashboards again [1][3].

For a broader set of implementation guides and frameworks, explore our AI tools and playbooks.

Sources

[1] GA4 Bot Traffic Spike From China (Lanzhou) and Singapore, Solution
https://definiteseo.com/analytics/ga4-bot-traffic-spike-from-china-and-singapore/

[2] Unusual traffic spikes in Google Analytics from Lanzhou and …
https://www.linkedin.com/posts/robert-papworth-9049266_googleanalytics-activity-7396895645594226688-mJs1

[3] Shopify must act against the massive wave of Chinese bots …
https://community.shopify.com/t/shopify-must-act-against-the-massive-wave-of-chinese-bots-destroying-merchant-data-and-ad-performance/574775

Scroll to Top