AVG Antivirus sending me lots of unwanted traffic and how I dealt with it
I wrote last month about an enormous amount of traffic being directed to this blog all of a sudden. The culprit is the latest version of AVG antivirus which installs a module called ‘Linkscanner’. Essentially what this does is when someone searches Google for example, Linkscanner will automatically check every link in the results. The Register have written about it a couple of times.
This is bad because it seriously skews my statistics for one and very bad because it is chewing up a lot of my available bandwidth. So what is one to do?
As I noted previously, AVG uses a few unique user agent strings. These can be used in a .htaccess file to deny access to Linkscanner or as in my case redirect the request to a certain page. Unfortunately my ability with using regular expressions is pretty limited to say the least but while browsing a discussion about Linkscanner on reddit.com last night someone posted a solution. That someone was none other than Pádraig Brady who is a frequent contributor to the Irish Linux Users Group.
Rather than post Pádraig’s solution here I will link to it instead. However instead of directing AVG users back to the AVG site as Pádraig’s example does – I redirect them to a custom page I made earlier. I was going to link to my custom page but since I will be using it to keep a tally of AVG hits I decided not to link to it here.
To get an idea of how much extra traffic is generated as a result of Linkscanner consider that this site is relatively light on traffic but in the two hours since I started redirecting AVG users, the page mentioned above has been hit over 240 times!
Bad AVG, very bad.
Over 18k hits from the SV1 user agent today alone. Bastards. That possibly explains the jump in visitors, but there’s also been a jump in Adsense clicks too so it can’t all be automated bots.
Hi Donncha – Maybe I should put up some ads so
I’m still amazed that AVG think there is nothing wrong with what they are doing. Technically I suppose they are doing nothing wrong as such but the situation stinks.
I enabled those rules this morning and redirected to a local file. Looks like only some of the bots follow the redirect for some reason. Not sure why.
That’s curious. I know that with some of the AVG user agents actually begin with the words ‘User Agent’ I had those filtered by my proxy already.
From the logs, it’s the “User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)” bot that redirects. The others don’t. Seems to be working well though. I’ll post figures in a few days time!
It works very well. It will be interesting to see your stats. I’m racking up about 400 per day.
I wonder why my post didn’t send a pingback? That last one is a spam site.. Did you get many click throughs?
Donncha -
That is very strange! Just deleted the spammy one.
I only found out you linked to my entry via a google alert at 17:35 yesterday (Thursday).
I never got any notification of any track/pingbacks even though WP is configured to allow them. I got no notification of the one I just removed either.
As of half an hour ago, Both Awstats and Firestats both show three visitors referred from your post.
There are a few things that could have caused it that I would rather not discuss here so if you need more info mail me directly.